It is required to secure any folder that has rights for uploading with locking it down so that coding cannot execute within the folders and subfolders of that directory structure. The following code should be placed within an .htaccess file at the root of any folder that has access to upload or create files on the server.
.htaccess files can be placed anywhere within a folder structure, and you need to have knowledge of Appache web server in order to construct them. By placing the following code within and .htaccess file, this will prevent the execution of any .php file with the exception of index.php.
<Files *.php> deny from all </Files> <Files "index.php"> Order Allow,Deny Allow from all </Files>