HEX
Server: Apache
System: Linux webd004.cluster130.gra.hosting.ovh.net 5.15.206-ovh-vps-grsec-zfs-classid #1 SMP Fri May 15 02:41:25 UTC 2026 x86_64
User: frenchy (106757)
PHP: 7.4.33
Disabled: _dyuweyrj4,_dyuweyrj4r,dl
$ pwd: /home/frenchy/www/_trash/wp-content/plugins/secupress/inc/modules/firewall/plugins/
Upload Files
File: /home/frenchy/www/_trash/wp-content/plugins/secupress/inc/modules/firewall/plugins/ban-404-php.php
<?php
/**
 * Module Name: Block 404 on .php
 * Description: Block requests on any .php file
 * Main Module: firewall
 * Author: SecuPress
 * Version: 1.1
 */

defined( 'SECUPRESS_VERSION' ) or die( 'Something went wrong.' );

add_action( 'template_redirect', 'secupress_block_404_php' );
/**
 * Block request if a 404 file if a .php one
 *
 * @since 2.0.1 Test file_exists to avoid fake 404 created by plugins
 * @since 1.1 Use secupress_block() instead of secupress_ban_ip()
 * @since 1.0
 * @author Julio potier
 **/
function secupress_block_404_php() {
	if ( is_404() && 'php' === pathinfo( basename( secupress_get_current_url( 'uri' ) ), PATHINFO_EXTENSION ) && ! file_exists( ABSPATH . secupress_get_current_url( 'uri' ) ) ) {
		secupress_block( 'PHP404', 403 );
	}
}
@ Telegram