Jethost’s Help Center


Disable Code Execution in Media Folders

WordPress stores media files like images, PDFs, and videos in the wp-content/uploads directory. In some cases, attackers target these folders to upload malicious scripts. With the JetHost Total Care disable code execution in media folders setting, you can prevent those scripts from running and reduce risk without breaking your uploads.

Why You Might Want to Disable Code Execution in Uploads

By default, WordPress allows files to be uploaded into the media folder, but it doesn’t always block script execution. If someone uploads a .php file or similar code, and the server doesn’t restrict it, the file might run if accessed directly.

Disabling execution in media folders helps you:

  • Stop scripts from running in the uploads directory
  • Prevent common malware tactics used after a site is compromised
  • Secure a vulnerable folder without affecting normal file access

In short, you keep the folder usable for media but block it from acting like a program directory.

What Happens When Code Executes from Media Folders

Let’s say a malicious user uploads a .php file into wp-content/uploads/2024/. If that file runs on your server, it could execute commands, create fake admin users, or inject spam into your site. Even if you have other security measures, blocking script execution here adds a powerful safeguard.

How to Disable Code Execution with JetHost Total Care

To control autosave using JetHost Total Care:

1. Log in to your WordPress dashboard.
2. Open the JetHost Total Care section from the sidebar.
3. In the tab Security, look for the setting labeled Disable code execution in media folders.
4. Toggle the switch to activate the protection.

JetHost Total Care disable code execution in media folders

JetHost Total Care saves the change automatically when you toggle the setting.

JetHost Total Care Security setting updated

What Changes After You Enable It

Once active, this setting blocks PHP and other executable scripts from running inside your uploads directory. Visitors and bots will still be able to view images or download documents but if someone tries to execute code from that folder, the request will be denied.

This doesn’t interfere with media display. You can still upload and serve files normally.

JetHost Experts Tip

If your site allows file uploads (even from logged-in users), enabling this setting is a must. It stops one of the most common entry points used by attackers after they gain access.

Need More Help?

The JetHost Total Care disable code execution in media folders setting gives you a powerful way to protect one of WordPress’s most vulnerable areas. It’s a behind-the-scenes defense that quietly blocks malicious behavior without disrupting your WordPress site. Check out more WordPress security tutorials to keep your site clean, stable, and under control.

Back to help