[wp-hackers] securing /wp-content/uploads

Andrew Nacin wp at andrewnacin.com
Sat Apr 7 06:25:29 UTC 2012

On Apr 5, 2012 12:55 PM, "Bill Dennen" <dennen at gmail.com> wrote:
> Note, this isn't perfect, or 100% secure, in fact. The actual file is
> still on your server, with a long name filled with seemingly random
> characters. Difficult, but not impossible, to guess.
> http://wordpress.org/extend/plugins/wp-document-revisions/

That's just default (read: portable) behavior. I am pretty sure the plugin
allows you to store files outside the web root and/or you can just deny
access to wp-content/uploads/documents and then let the plugin serve the
individual documents through its bootstrap.


More information about the wp-hackers mailing list