Security is one of the main concerns when it comes to running a website, especially if it is based on the popular platform WordPress. It is crucial to get right, since there are many examples where hackers have successfully identified vulnerabilities in WordPress and compromised a large number of websites. The most important thing to always take care of is keeping WordPress core, themes and plugins up to date at all times. This prevents your website from containing hidden but known vulnerabilities waiting to be exploited.
Website security is also essential for bloggers and small website owners, even if they do not yet have the knowledge and experience in place. It is about protecting the time spent, the investments made, and the trust of visitors and customers.
Website security problems come in many forms, since scrapers, hackers and spammers are constantly developing new techniques. For a WordPress website running on PHP, one of the most common problems is hackers being allowed to upload a PHP file into folders that need to be writable. The most exposed folder is the /uploads/ folder, since working with WordPress content often requires that multiple users can easily upload new media files.
This is a mini tutorial on how to make your WordPress upload folder more secure when it comes to limiting unwanted media uploads. Just create an .htaccess file in the /uploads/ directory and paste the following code:
# Secure /uploads/ directory from unwanted file types
# Note: Order/Allow/Deny is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat loaded for it.
# Step 1: deny every request for a file that has an extension (any name containing a dot).
<Files ~ ".*\..*">
Order Allow,Deny
Deny from all
</Files>
# Step 2: re-allow only the listed image extensions (the later matching section wins).
# Matching is case-sensitive; prefix the pattern with (?i) if uploads may use upper-case extensions.
<FilesMatch "\.(jpg|jpeg|jpe|gif|png|tif|tiff)$">
Order Deny,Allow
Allow from all
</FilesMatch>
Basically, an .htaccess file is a per-directory configuration file for the Apache web server; the directives placed in it change how the server handles requests for that part of your site.
First, these rules deny access to every file in the directory, and then they re-allow certain extensions for known image files. The FilesMatch line lists the file extensions that are allowed. You can add or remove extensions based on what you prefer or need. For example, if you need to upload PDF files, add 'pdf' to the list.
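To see how the two rule sets combine, here is an added Python model (not part of the original post, and not Apache's own code) of the .htaccess evaluation above: the catch-all Files section denies, the FilesMatch allow-list re-allows, and the later matching section wins. It takes a bare file name as Apache's Files sections do, and the `allowed` and `case_insensitive` parameters are assumptions for trying out the post's 'pdf' example and the case-sensitivity edge case.

```python
import re

# Allow-list of extensions from the .htaccess in the post.
IMAGE_EXTENSIONS = ("jpg", "jpeg", "jpe", "gif", "png", "tif", "tiff")


def build_rules(allowed=IMAGE_EXTENSIONS, case_insensitive=False):
    """Return the two regexes used by the .htaccess: the catch-all deny and the extension allow."""
    flags = re.IGNORECASE if case_insensitive else 0
    deny_all = re.compile(r".*\..*", flags)                      # <Files ~ ".*\..*">
    allow = re.compile(r"\.(%s)$" % "|".join(allowed), flags)     # <FilesMatch "\.(ext|...)$">
    return deny_all, allow


def decide(filename, allowed=IMAGE_EXTENSIONS, case_insensitive=False):
    """Emulate Apache's per-file evaluation for one request to the /uploads/ directory.

    Section 1 (Files) sets 'Deny from all' for every name containing a dot;
    section 2 (FilesMatch) sets 'Allow from all' for the listed extensions.
    Apache merges the sections in order of appearance, so a name matching both
    is allowed, a name matching only the first is denied, and a name matching
    neither falls through to the parent directory's policy (reported as "inherit").
    """
    deny_all, allow = build_rules(allowed, case_insensitive)
    verdict = "inherit"
    if deny_all.search(filename):   # Apache regex matching is an unanchored search
        verdict = "deny"
    if allow.search(filename):
        verdict = "allow"
    return verdict


def audit(filenames, **kwargs):
    """Map each (constructed) sample file name to the verdict the server would apply."""
    return {name: decide(name, **kwargs) for name in filenames}


if __name__ == "__main__":
    # Constructed sample names, including the post's PDF case and an upper-case extension.
    samples = ["photo.jpg", "photo.JPG", "index.php", "report.pdf", "README"]
    for name, verdict in audit(samples).items():
        print(f"{name:12s} -> {verdict}")
    print("with pdf added:", decide("report.pdf", allowed=IMAGE_EXTENSIONS + ("pdf",)))
    print("case-insensitive:", decide("photo.JPG", case_insensitive=True))
```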
By adding this simple solution, requests for unwanted file extensions are filtered, which makes it harder for executable files that do end up in the uploads folder to be reached and run through the web server.