Protecting The Uploading Folders and Centers in WordPress


To prevent running malicious files or PHP files in the uploading folders of WordPress or the other scripts, embed a code that only allows reviewing pictures in the .htaccess file inside the upload folder.

For example, the upload folder in WordPress is wp-content/uploads, so the following code is embedded in the .htaccess file inside the mentioned folder:

# If the URI is an image then we allow accesses

SetEnvIfNoCase Request_URI ".(gif|jpe?g|doc|png|bmp)$" let_me_in

Order Deny,Allow 

Deny from All

# Allow accesses only if an images was requested

Allow from env=let_me_in

deny from all 

To make the file content as follows:



If you want to allow running other extensions, you can add the extension to this line:

SetEnvIfNoCase Request_URI ".(gif|jpe?g|doc|png|bmp)$" let_me_in


Also, It is always recommended to upgrade to the latest available versions of the used script and the plugins installed on it.

Was this answer helpful? 20 Users Found This Useful (20 Votes)