Restrict access to my upload folder

how I can block people from directly viewing my uploaded files in the upload folder by typing in the direct address to them

Short answer… realistically, you can’t if the uploads are generally web accessible.

Research “Options -Indexes” for your .htaccess file.

“Options -Indexes”, only prevents casual browsing of directories. It does not prevent viewing or downloading if someone knows the URL of the object that they want, but it might help reduce directory browsing if that is the issue.

perfect, thank you!

Holy cow, we’re on a roll tonight! I’m glad that did it for you!

??

i seem to add “Options -Indexes” into my .htaccess and i am able to block access to my wp-content folder but then after a day or so anyone is able to view my “hidden” files again.

any thoughts to this? did i do something wrong?

thanks,
andrew.

any thoughts here?

any other suggestions guys?

The .htaccess file is being replaced by wordpress when you have settings in wp that htaccess. I had the same problem the first time I made changes to the .htaccess file. My quick fix was that I copied the setting in the htaccess file, then deleted it, and created a new .htaccess file while giving permissions only for the user/owner (me).
I then pasted the settings I had in the old one, and added some of my own.
The downside is, that wp can’t write to the file anymore, so if you make changes which require htaccess, they won’t work.
There must be a better solution to this, but I was in a rush, and that worked for me.

I might be wrong about the true logic behind the htaccess replacement thingy, but that’s how it seemed to be operating back then. I’m by no means a pro with wordpress at this point. Well, hopefully this helps somebody. =)

..andI just found a better solution in:https://www.ads-software.com/support/topic/201172?replies=2

iridiax said:
Keep other code out of the WordPress section of the .htaccess (between # BEGIN WordPress and # END WordPress) or it will overwrite it.

Glad we got that sorted out! =)