Disable php Execution Not Working

WordPress does not have .htaccess file in the mentioned directory. Do you create it manually and create it via FTP or SSH? Then it may be your hosting or a plugin you use (security plugin?) which removes the file.

@threadi

Originally I tried using a couple of different security plugins, but kept noticing that it would say it was disabled and then another time would say it wasn’t.

I then tried to do so manually using the guide from https://www.wpbeginner.com/wp-tutorials/how-to-disable-php-execution-in-certain-wordpress-directories/

Which said a .htaccess file was needed in wp-includes and wp-content/uploads. One of these already had a .htaccess file, although nothing was showing, and the other didn’t. I can’t remember which was which.

In wp-includes the code shows and works beautifully. It’s just in wp-content/uploads that there is a problem. I’ve tried creating new, made sure permissions and type were correct, and even copied the .htaccess from wp-includes (which works) over to wp-content/uploads – to see if this would work.

Host won’t help says it not them. Plugins disabled and tested as cause

Adding to the mystery, I just used a different security plugin with the option to block code execution in wp-content/uploads/ not only did their code remain on .htaccess, but even if I deleted their code and added the one above it still remained in place and was recognised as blocking. But only as long as the plugin was active, for as soon as I deactivated it, the code was deleted once again.

However, inspired by the code this plugin first produced, I’ve made some changes and so far the below code isn’t being deleted from .htaccess

#Begin
<Files *.php>
	deny from all
</Files>
#End

If it continues to not be deleted, I’ll mark this as a solution. Still puzzled though as to why wp-includes would accept and work with the .htaccess being: <Files *.php> deny from all </Files>, and with this even working in wp-content/uploads/ but only if a specific plugin was active. Very weird.