Is there a way to hide the uploads folder from public/

  • Is there a plugin available or any other way to hide the uploads folder/directory so that if a user were to go to it it’d return a Not Found or Forbidden message?

Viewing 5 replies - 1 through 5 (of 5 total)

  • Drop a htaccess file in the wp-contents folder.

    Order Allow,Deny
Deny from all
<Files ~ "\.(css|jpe?g|png|xsl|gif|ico|js)$">
 Allow from all
</Files>

    This will return a 404 for wp-contents and all subdirectories beneath it such wp-content/uploads, /themes, /plugins

    Thread Starter hellocatfood

    (@hellocatfood)

    Cheers ??

    Actually an ever better way is place the following in a htaccess file,
    Options -Indexes

    That will turn off indexing for whatever folder it resides in as well as any subfolders beneath it. For example, if you place it in wp-contents it will protect not only wp-contents but wp-contents/themes, wp-contents/plugins and wp-contents/uploads as well.

    If you place it at root it will work for all foldes/subfolders sitewide.

    .htaccess will work or just place an index.html/index.php in the directories with whatever message you want. The first method is best but the second is easiest.

    A word of caution: if you use an index file make sure you don’t use a PHP index file in the plugin directory. It may bork the dashboard.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Is there a way to hide the uploads folder from public/’ is closed to new replies.