By default, everyone is able to access and browse through your wp-content folder by adding ‘wp-content/uploads’ to your domain name. This means they’ll be able to see all ‘Media’ files you have uploaded to WordPress. In this post, we are going to see How to block access to the wp-content uploads folder.
In a lot of cases, you don’t want this to happen, as some files aren’t supposed to be accessible to everyone. For instance, you might have an e-book uploaded, that you only want to give away to people that subscribe to your email list.
You can block access to these folders by editing the .htaccess file. for your site. This file is located in the root directory of your WordPress website.
Mission: block access to the wp-content uploads folder
There are multiple ways to access and edit the .htaccess file. You can use Filezilla or your hosting service’s cPanel file manager.If you’re using cPanel, click ‘File Manager’, then select the site you want to do this for.
Step 1: If you’re using cPanel, click ‘File Manager’, then select the site you want to do this for.
Step 2: Make sure you have ‘Show Hidden Files (dotfiles).’ Selected! If you don’t, you won’t be able to to see your .htaccess file.
Step 3: Click ‘Go’ to go to the root directory of your site.
Step 4: In File Manager, select your .htaccess file, then right-click, and click ‘Code Edit’.
Step 5: Click ‘Edit’.
Step 6: On a blank line add the following code:
Step 7: “Options -Indexes”
Step 8: Then click ‘Save’, to save the .htaccess file.
As you can see, visiting any part of your WP-content directory now gives the error
403 Permission Denied
You do not have permission for this request /wp-content/uploads/