Title: Restricting .PHP upload
Last modified: November 28, 2016

---

# Restricting .PHP upload

 *  [Alkaweb](https://wordpress.org/support/users/alkaweb/)
 * (@alkaweb)
 * [9 years, 6 months ago](https://wordpress.org/support/topic/restricting-php-upload/)
 * Hello Thom,
 * Once again, thank you very much for this awesome plugin! It’s from far the best
   Files Manager plugin for WordPress.
 * However, we’ve noticed that .php files can be uploaded by default.
 * Maybe, it can be more safe to deactivate such uploads in the first place and 
   add an option to allow those files to be uploaded. Or just adding it by default
   to the restricted files types. So any user can enable it back on.
 * I’m writing this because we had a server hacked that way. It’s no big deal as
   we’re recovering any issue and it’s because our uploader shortcode is public.
   But I think it can be a safe point to check and an be very useful for community
   sites who might allow uploads from any user.
 * Please, let me know if you need more details.
 * Best regards,
 * 2F (François)
    -  This topic was modified 9 years, 6 months ago by [Alkaweb](https://wordpress.org/support/users/alkaweb/).

The topic ‘Restricting .PHP upload’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/file-away_e3e2e1.svg)
 * [File Away](https://wordpress.org/plugins/file-away/)
 * [Support Threads](https://wordpress.org/support/plugin/file-away/)
 * [Active Topics](https://wordpress.org/support/plugin/file-away/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/file-away/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/file-away/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [Alkaweb](https://wordpress.org/support/users/alkaweb/)
 * Last activity: [9 years, 6 months ago](https://wordpress.org/support/topic/restricting-php-upload/)
 * Status: not resolved