Forum Topic: Double Protecting Uploads Directory

Forum: .htaccess Forum : WordPress • Posted by Leon Fernandez • Updated:

A couple of questions related to doing this, this is the rule I saw months ago at Perishable Press:

#Secure uploads directory
<Files ~ ".*\..*">
	Order Allow,Deny
	Deny from all
<FilesMatch "\.(jpg|JPG|jpeg|jpe|gif|png|tif|tiff|zip|mp3|mov)$">
	Order Deny,Allow
	Allow from all

This only allows the mentioned file types in the directory, so:

1. According to htaccess nature, it applies automatically to all subdirectories as well is that correct (no need to define in individual subdirs)?

– example: /uploads/2015/01, /uploads/2015/02, /uploads/2015/03

2. Adding this to the base htaccess file will help, or it is not necesary when previous one is declared?

#Server Rewrite Protect Files
<IfModule mod_rewrite.c>
	RewriteEngine On
	#Disable PHP in Uploads
	RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]

1 Reply to “Double Protecting Uploads Directory”

Posted by Jeff Starr

When in doubt, test. According to my tests .htaccess cascading functionality applies even to the uploads directory. So no need for double protection.