How to disable PHP in selected directories

One way to disable PHP is to use Apache directives in an .htaccess file to reverse Dreamhost’s default PHP setup. For example, the following .htaccess will disable PHP, and turn them into “mostly harmless” text files. The RemoveHandler directive disabled PHP, and the rest just cleans up presentation:

# Disable PHP processing
RemoveHandler .php

# Disable index.php for directory indexes, and treat PHP as text
DirectoryIndex index.html
AddType text/plain .php

Note that the .htaccess files can be placed either in a site’s directory or “above” the site, in a parent directory. This is useful for rules you want applied to all or a sub-set of sites. For example, you could disable PHP for all a user’s sites or just a sub-directory:

  • /home/user/.htaccess - rules apply to all of user's sites like ~/
  • /home/user/static-sites/.htaccess - rules apply to all sites in the static-sites directory like ~/static-sites/, but not outside static-stites.

Thanks for your sharing. I would like to provide a better .htaccess file.

<IfModule mod_mime.c>
	RemoveHandler .php .phtml .php3 .php4 .php5
	RemoveType .php .phtml .php3 .php4 .php5
<IfModule mod_php5.c>
	php_flag engine off

I’m Shopify development app by Laravel. I’m using the .htaccess file for any upload folder. hacker can’t do anything if he able to upload php file to your server.

1 Like