Securing the WordPress Uploads Folder

Here’s a quick tip to help in securing your WordPress uploads folder from being abused by people uploading unauthorised file types.

Create a new blank file in your /wp-content/uploads/ folder called .htaccess

Add the following code:

Modify line 5 and add in any file extensions that you may need to upload to your WordPress website such as pdf or mp4.

Was this article helpful?

Keep In Touch


Wil is a dad, WordPress consultant, WordPress developer, business coach and mentor. He co-organizes the WordPress Sydney meetup group and has been on the organising committee for WordCamp Sydney since 2014. He speaks at many special events and contributes to the WordPress open source project. His likes are chillies, craft beer and electrogravitics.

1 thought on “Securing the WordPress Uploads Folder”

Comments are closed.