Defender, NGINX, and access to Root for things

Hello – I use Cloudways – which is a layer on top of a Vultr Cloud Server. My website is hosted on an NGINX server (all of my sites are hosted there)

So, of course I do the Defender scan – the message I get is I need to make changes for “Prevent PHP Execution” and “Prevent Information Disclosure”

I have asked Cloudways to help me with the Root – they will not –

So I created an .htaccess file with:

<Files *.php>

deny from all


and placed it in the wp-includes/ and /wp-content/uploads/ folders.

yet I still get a message from defender –

so – can you help me on this once and for all – so I can do this across all 50 sites?

  • Nahid
    • Tech Support

    Hey Michael !

    Hope you are having a great day!

    Cloudways uses a bit different sort of server configuration than usual servers, it uses both Apache (for dynamic resources) and NGINX (for static resources). So adding the code into .conf file in 'nginx' configurations should solve the issue. Here's a screenshot for reference:

    The NGINX .conf file is usually located in a subdirectory under /etc/nginx/… or /usr/local/nginx/conf/.

    Please let me know if this helps. I'll be looking forward to hearing back from you. Thanks!



  • Dimitris
    • Support Star

    Hello there Michael,

    hope you’re doing good today! :slight_smile:

    This is a restriction made their “managed” side of server, so there isn’t much that we can do about it. I believe that they should allow you to make such change, or make it themselves for you, as all that has to be done is some server-side configuration. Have you asked them if they have deployed already any similar protection rule in their stack, considering WP installs?

    Warm regards,


Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.