Forum Topic: Double Protecting Uploads Directory

Forum: .htaccess Forum : WordPress • Posted by Leon Fernandez • Updated: Sunday, October 18th, 2015 @ 2:38 pm

A couple of questions related to doing this, this is the rule I saw months ago at Perishable Press:

#Secure uploads directory
<Files ~ ".*\..*">
	Order Allow,Deny
	Deny from all
</Files>
<FilesMatch "\.(jpg|JPG|jpeg|jpe|gif|png|tif|tiff|zip|mp3|mov)$">
	Order Deny,Allow
	Allow from all
</FilesMatch>

This only allows the mentioned file types in the directory, so:

1. According to htaccess nature, it applies automatically to all subdirectories as well is that correct (no need to define in individual subdirs)?

– example: /uploads/2015/01, /uploads/2015/02, /uploads/2015/03…

2. Adding this to the base htaccess file will help, or it is not necesary when previous one is declared?

#Server Rewrite Protect Files
<IfModule mod_rewrite.c>
	RewriteEngine On
	#Disable PHP in Uploads
	RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
</IfModule>

1 Reply to “Double Protecting Uploads Directory”

Posted by Jeff Starr • Monday, April 13th, 2015

When in doubt, test. According to my tests .htaccess cascading functionality applies even to the uploads directory. So no need for double protection.

← WordPress – redirecting posts – default format

5G Firewall into Multisite →

.htaccess made easy

improve security & performance

Forum Topic: Double Protecting Uploads Directory

1 Reply to “Double Protecting Uploads Directory”