How to Secure Your WordPress Uploads Directory

June 20, 2013 · 1 comment

by Lars

Security is one of the main concerns when running a website, especially one built on the popular WordPress platform. It is crucial to get right: there are many examples of hackers identifying vulnerabilities in WordPress and compromising large numbers of websites. The most important habit is keeping the WordPress core, themes and plugins up to date at all times, so that your website does not carry hidden but known vulnerabilities waiting to be exploited.

Website security is also essential for bloggers and small website owners, even if they lack the knowledge and experience. It is about protecting the time and money invested, and the trust of visitors and customers.

Website security problems come in many forms, since scrapers, hackers and spammers are constantly developing new techniques. For a WordPress website running on PHP, one of the most common problems arises when hackers are able to upload a PHP file into a folder that must be writable. The most exposed folder is /uploads/, since working with WordPress content often requires that multiple users can easily upload new media files.

This is a mini tutorial on how to make your WordPress upload folder more secure by limiting which file types can be accessed there. Just create an .htaccess file in the /uploads/ directory and paste the following code:

# Secure /uploads/ directory from unwanted file types
# Step 1: deny web access to every file whose name contains a dot
# (the dot must be escaped, otherwise "." matches any character)
<Files ~ ".*\..*">
Order Allow,Deny
Deny from all
</Files>
# Step 2: re-allow only the listed image extensions; (?i) makes the
# match case-insensitive so files such as IMG.JPG are served too
<FilesMatch "(?i)\.(jpg|jpeg|jpe|gif|png|tif|tiff)$">
Order Deny,Allow
Allow from all
</FilesMatch>

Basically, an .htaccess file is a per-directory configuration file for the Apache web server that can hold settings and overrides for your site.

First, the rules deny access to all files, then they allow only certain extensions belonging to known image types. The FilesMatch line lists the file extensions that may be served. You can add or remove extensions depending on what you need. For example, if you need to upload PDF files, add 'pdf' to the list.

With this simple addition, requests for unwanted file types are refused by the web server, so even if an executable file does end up in the uploads folder it cannot be run by requesting it directly through the web server.
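To see exactly which file names the two-section ruleset above would serve, here is a small simulator of Apache's evaluation of it. This is an added example, not code from the article; it assumes the behaviour of Apache's <Files> and <FilesMatch> sections (unanchored regex match on the base name, later matching section overrides earlier ones, default allow when nothing matches), and the sample file names are constructed.

```python
import re

# Added example (not from the article): a simulator of the article's
# two-section .htaccess, so an administrator can check which file names the
# ruleset would serve before deploying it. It models Apache's behaviour:
#   <Files ~ ".*\..*">            denies every file name containing a dot
#   <FilesMatch "\.(jpg|...)$">   re-allows the listed image extensions
# Matching sections are applied in configuration order and a later matching
# section overrides an earlier one, so the allow-list wins for listed types.

# Extension list copied from the article's FilesMatch line.
DEFAULT_ALLOWED = ("jpg", "jpeg", "jpe", "gif", "png", "tif", "tiff")


def build_rules(allowed_exts=DEFAULT_ALLOWED, case_insensitive=False):
    """Return the ordered (pattern, action) list equivalent to the .htaccess.

    case_insensitive=True corresponds to writing (?i) at the start of the
    FilesMatch regex; Apache regexes are case-sensitive by default.
    """
    flags = re.IGNORECASE if case_insensitive else 0
    deny_any_dotted = re.compile(r".*\..*", flags)
    allow_images = re.compile(
        r"\.(" + "|".join(re.escape(e) for e in allowed_exts) + r")$", flags
    )
    return [(deny_any_dotted, "deny"), (allow_images, "allow")]


def is_served(filename, rules):
    """True if Apache would serve `filename` under the given rules.

    <Files>/<FilesMatch> use an unanchored regex search against the base
    name; when no section matches, the file is served (default allow).
    """
    verdict = "allow"
    for pattern, action in rules:
        if pattern.search(filename):
            verdict = action
    return verdict == "allow"


def audit(filenames, allowed_exts=DEFAULT_ALLOWED, case_insensitive=False):
    """Map each file name to whether the ruleset would serve it."""
    rules = build_rules(allowed_exts, case_insensitive)
    return {name: is_served(name, rules) for name in filenames}


# Constructed sample of names one might find in wp-content/uploads.
SAMPLE_FILES = [
    "photo.jpg",        # listed image type: served
    "IMG.JPG",          # upper-case extension: refused unless case-insensitive
    "report.pdf",       # not listed: refused until 'pdf' is added
    "plugin.php",       # PHP source: refused, so it is not run on request
    "archive.tar.gz",   # the final extension decides: refused
    "README",           # no dot, so the deny section never matches: served
]

if __name__ == "__main__":
    for name, served in audit(SAMPLE_FILES).items():
        print(f"{name:16} {'served' if served else 'refused'}")
    # Same names after adding 'pdf' and enabling case-insensitive matching.
    for name, served in audit(SAMPLE_FILES, DEFAULT_ALLOWED + ("pdf",), True).items():
        print(f"{name:16} {'served' if served else 'refused'}")
```

Two points the simulator makes visible: the first section is not a true "deny all", because a name without a dot never matches `.*\..*` and is therefore served (harmless for a static file, but worth knowing when you read the rules as an allow-list), and the extension check is case-sensitive unless you opt in with `(?i)`, so upper-case image names would otherwise be refused.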

Author : Lars Vraa

Lars is passionate about web design, web development, SEO, social media and loves to look into new technologies, techniques, tools etc. and to write articles for tripwire magazine readers.


Alok June 20, 2013 at 10:50 am

Nice informational blog, you have good knowledge of WordPress and this article about Security in uploading directory is really helpful.

Great work!!!!
