By default, a plugin/theme vulnerability could allow a PHP file to get uploaded into your site's directories and in turn execute harmful scripts that can wreak havoc on your website. Prevent this altogether by disabling direct PHP execution in directories that don't require it.
HOW TO FIX
We will place .htaccess files into each of these directories to prevent PHP execution.
ADD .HTACCESS FILE
I clicked many time, but still red.
How to fix it?
Support access is open