i seen some hackers use shell script or backdoor to hack sites as it displays all info about database and can access filemanager.
is there any special code to stop shell script from getting uploaded in site?
they can upload shell script because vulnerable of the site.
dont worry if your site is clean, not have some bugs.
use themes and plugins from trusted developer.
strip all input form. and don't allow visitor uploading to your site
Yes, when it comes to scripting, always use trusted sources, if you don't know if they are trustworthy, google them, I am sure you'll find if anything is bad about them.
If you are good at programming, always check the source code, you'll understand if there is backdoors or bad code.
Always update your script to the newest one, and dont use theme or plugins from untrusted source
It is important to check the database user permissions and the webserver user permissions.
You should reduce their permissions to the minimum possible.
verify the current shell access of every user by issuing
The last column of the ouput is the current shell
Change it to /bin/false.
If your users require shell access you may use a chroot or maybe cloud linux