[wp-hackers] securing /wp-content/uploads

Bill Dennen dennen at gmail.com
Thu Apr 5 16:55:35 UTC 2012

You might also look at WP Document Revisions -- one of its features is:

Access Control - Each document is given a persistent URL (e.g.,
yourcompany.com/documents/2011/08/TPS-Report.doc) which can be private
(securely delivered only to members of your organization), password
protected (available only to those you select such as clients or
contractors), or public (published and hosted for the world to see).
If you catch a typo and upload a new version, that URL will continue
to point to the latest version, regardless of how many changes you

Note, this isn't perfect, or 100% secure, in fact. The actual file is
still on your server, with a long name filled with seemingly random
characters. Difficult, but not impossible, to guess.


> On 5 April 2012 17:49, Eric Mann <eric at eam.me> wrote:
> > My recommendation would be to use .htaccess to require authentication for
> > that directory.

More information about the wp-hackers mailing list