Most of the Times hackers or Attackers Upload Malware php scripts to sites when 777 (or just enough) permission for folder are present . Due to some application you can change the permission of the folder to secure it . So here is the another way to secure it using .htaccess file.
Using this htaccess code you can stop direct php access/execution in that folder or subfolder.
Please this code in the folder which you have to secure.
Create htaccess file and place below code in it :
Deny from all