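For a server using Plesk, add the following lines to a .htaccess file to stop execution of PHP scripts in the folder:

```apache
# Drop any handler mapping for PHP file extensions
RemoveHandler .php .phtml .php3
# Drop any MIME type mapping for the same extensions
RemoveType .php .phtml .php3
# Turn the PHP engine off for this folder (directive provided by mod_php)
php_flag engine off
```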
I like to use this to protect cache and image upload folders that are writable by the web server but should not be able to execute code.
As a further precaution, chown the .htaccess to root, so it can’t be overwritten by Apache or FTP, and “chattr +i” to be sure about it.
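To confirm the hardening is actually in place on a folder, the following added example (not part of the original post) checks for the three directives, the file owner, group/world write bits and the immutable flag. The function name `check_htaccess` and its output labels are made up for illustration, and it assumes GNU `stat` and `lsattr` as found on a typical Linux server.

```sh
# Added example: audit an upload/cache folder for the hardening described above.
# Prints one finding per line; returns 0 only when nothing is wrong.
# Usage: check_htaccess DIR [EXPECTED_UID]   (EXPECTED_UID defaults to 0 = root)
check_htaccess() {
    ch_file="$1/.htaccess"
    ch_uid="${2:-0}"
    ch_bad=0

    if [ ! -f "$ch_file" ]; then
        echo "MISSING: $ch_file"
        return 1
    fi

    # All three directives must appear on non-comment lines.
    # Apache directive names are case-insensitive, hence grep -i.
    for ch_re in \
        'RemoveHandler[[:space:]].*\.php([[:space:]]|$)' \
        'RemoveType[[:space:]].*\.php([[:space:]]|$)' \
        'php_flag[[:space:]]+engine[[:space:]]+off'
    do
        if ! grep -Eiq "^[[:space:]]*$ch_re" "$ch_file"; then
            echo "DIRECTIVE: nothing matches /$ch_re/"
            ch_bad=1
        fi
    done

    # Owner and mode: the web server or FTP user must not be able to rewrite the file.
    set -- $(stat -c '%u %a' "$ch_file")
    if [ "$1" != "$ch_uid" ]; then
        echo "OWNER: uid $1, expected $ch_uid"
        ch_bad=1
    fi
    if [ $(( 0$2 & 022 )) -ne 0 ]; then
        echo "MODE: $2 is group- or world-writable"
        ch_bad=1
    fi

    # Immutable flag (chattr +i); some filesystems do not support attributes.
    if ch_attr=$(lsattr -d "$ch_file" 2>/dev/null); then
        case "${ch_attr%% *}" in
            *i*) ;;
            *) echo "IMMUTABLE: flag not set"; ch_bad=1 ;;
        esac
    else
        echo "IMMUTABLE: could not read attributes"
    fi
    return "$ch_bad"
}
```

Run it as `check_htaccess /path/to/upload/folder` from cron or a deployment check; any output line means the folder no longer matches the setup above.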