Hi friends,
We see a lot of shells and scripts that get uploaded to the /wp-content/uploads directory. Generally these are shell scripts and other scripts that allow pretty much total control over your hosting filesystem and database.
A quick way to help protect against this is to put an .htaccess file in the /wp-content/uploads directory that contains the following code:
<Files *.php>
deny from all
</Files>
This blocks web requests for any file ending in .php in the uploads directory, so an uploaded PHP file cannot be executed through the browser.
Or, for Perl scripts:
<Files *.pl>
deny from all
</Files>
Or, for Python:
<Files *.py>
deny from all
</Files>
VERY few plugins ever use PHP files in the uploads directory and certainly shouldn’t be executing them there, so this is a very safe method to get one step closer to securing your WordPress installation.
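
The three blocks above can be combined into one rule. This is an added example, not part of the original post: it matches extensions case-insensitively and carries both the Apache 2.4 syntax and the older `deny from all` form. The extensions beyond php, pl and py are assumptions about which handlers a server may have enabled; trim the list to fit yours.

```apache
# /wp-content/uploads/.htaccess  (added example, not from the original post)
# Deny web access to script files in uploads, whatever the letter case.
# Extensions other than php/pl/py are assumptions; match the list to the
# handlers your server actually has enabled.
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar|pl|py|cgi)$">
    # Apache 2.4 and later (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 and earlier
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

An .htaccess file only takes effect where the server's AllowOverride setting permits these directives. Once the rule is active, requesting a harmless test .php file placed in uploads should return 403 Forbidden.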
Disable PHP Execution In WordPress Uploads Directory
Good luck,