PHP files injection - file uploads ON-OFF

1

This feature is enabled by default because it is the one that allows you to load images, for example from your administration interface, it also allows for contact form 'users to send images/files, and depending on your CMS, types files are limited, which is fine ... this feature is also useful for some modules/scripts.

But the problem is that despite our server security that stops 99% of injections attacks like PHP and SQL files, it remains that some files succeeds to be injected, scope is sending emails on your behalf, and also in some case to take control of your site.
A well-designed CMS protect against injections, ditto for the themes/modules, and what matters is that they are regularly updated...

If you want optimal security, and you do not need to constantly activated file_uploads function, put in temporarily or permanently OFF from your cPanel : 
https://support.yoorshop.hosting/knowledgebase/115/Can-I-customize-my-phpini.html

NB :

- If file_uploads is OFF, this does not normally prevent plugins updates and your CMS to function properly
- for wordpress websites, we recommend strongly this efficient firewall against many threats like injections : https://wordpress.org/plugins/ninjafirewall/
- for prestashop sites, even if well secured if uptodate, it seems it does not exist any firewall module

Also Read

Protection WordPress xmlrpc.php

You are actually by default on mode PROXY with profile 'YOORshop defaut', this is good to know if...

Htaccess directory protection

Go to your cPanel in section Files and click Directory privacy. To secure one of the directories...

MANDATORY security measures for WordPress

It is not a secret, wordpress websites suffer from multiple attacks and increasingly causing...

You are under ddos attack ?

    Ddos attack ? Let's talk about it in case we did not already intervene :) Naughty IPs...

Two-Factor authentication 2FA cPanel

Find the icon in cPanel, Security section: Two-factor authentication To configure 2FA, perform...