Explore How you can Protect WordPress Upload folder

WordPress is secure content management system, but every CMS has a loophole which can exploit your website to Vulnerabilities and threats. You can still improve your WordPress website by adding more security layers in it.


A secure website is vital for your online success; it is the place where your customers and readers feel safe to share their thoughts and personal information. Hackers compromises website security by stealing customer’s/reader’s personal information and ended by injecting malicious code in the website root directory. Cyber criminals can potentially harm your business and your brand name from the market, so it is essential to have a secure website.

Securing a website is not an easy task, here in this post I will be explaining how to secure your WordPress upload folder.

WordPress upload folder by default is not secure and it is vulnerable to the threats and hacking. The upload folder wp-content/uploads has the index page in it, If the upload folder does not have the index file then you can easily see the entire thing in the browser.


You can secure your WordPress upload folder by two methods which a newbie blogger can do to add security layer in it.

Method No.1- Installing plugin

“Secure Folder wp-content/uploads” Plugin

This is the simple plugin to secure you wp-content/uploads folder against unauthorized access and from being browse and copy.

Here are the steps to add this plugin:

  • login to your WP dashboard
  • Select the plugin option and add this plugin either by finding or uploading the zip file.

After the installation, activate it check on the link says “your wp-content/uploads folder are open”, click on the secure folder and you are done.


Method No.2- Editing .htaccess file

Create a new file name .htaccess in your upload folder and add this code:

<Files ~ ".*..*">
Order Allow,Deny
Deny from all
<FilesMatch ".(jpg|jpeg|jpe|gif|png|tif|tiff)$">
Order Deny,Allow
Allow from all

Modify line no. 5 <FilesMatch “.(jpg|jpeg|jpe|gif|png|tif|tiff)$”> and add any extension which you wish to upload any media file such as PDF or mp4.

These two methods are the best and easy way to protect your WordPress upload folder against unauthorized access, so choose according to your comfort level. Adding more and more plugin will slows down your site load speed, it is better to create an .htaccess file add the above code and upload it via FTP.

Please don’t forget to drop in your valuable feedback using the comments box below or if you have any other suggestion to secure your WP upload folder.

Leave a Reply

Your email address will not be published. Required fields are marked *