Scripts in upload folder of Wordpress

Modified on Thu, 3 Feb, 2022 at 7:14 PM

As a security measure we have set up that PHP and Javascript files cannot be executed via the uploads folder of Wordpress. This reduces the risk of your website being hacked. If you call a file with the appropriate extensions on the site that is in the uploads folder, the corresponding script will be displayed in plain text on the website. 


We recommend moving the files to another folder to make them executable. You can create a separate folder in the wp content folder and call the scripts from there. It is also possible, when the script comes from a plugin, to place it in the folder of the plugin. You run the risk that when the plugin is updated the files can be changed or even deleted. 


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article