Obviously, security is a very important issue on a website. By default, WordPress is very secure, but you can still improve it. Today, let’s see how you can use a .htaccess file to secure your uploads directory and only accept specific file extensions.
Create a file named .htaccess and paste the following code in it. Once done, upload the file into your wp-content/uploads directory.
The following example will only accept image files. If you need to be able to upload other file types, such as .pdf, don’t forget to add the file extension to the list on line 5.
<Files ~ ".*\..*">
Order Allow,Deny
Deny from all
</Files>
<FilesMatch "\.(jpg|jpeg|jpe|gif|png|tif|tiff)$">
Order Deny,Allow
Allow from all
</FilesMatch>
Thanks to Jeff Starr for the great tip!
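To check which existing uploads the rules above would still serve, the following added example (not part of the original tip) emulates the two sections in Python. It assumes Apache matches each pattern against the file's base name as a case-sensitive, unanchored regular expression and that the later FilesMatch section overrides the earlier Files section; the function names and sample file names are constructed for illustration.

```python
import re

# The two patterns from the .htaccess rules, with the literal dots escaped.
DENY_ALL = re.compile(r".*\..*")                              # <Files ~ ...>
ALLOW = re.compile(r"\.(jpg|jpeg|jpe|gif|png|tif|tiff)$")     # <FilesMatch ...>


def decision(path):
    """Return 'allow', 'deny' or 'inherit' for one uploaded file."""
    name = path.rsplit("/", 1)[-1]   # the rules see only the base name
    if ALLOW.search(name):
        return "allow"               # FilesMatch section: Allow from all
    if DENY_ALL.search(name):
        return "deny"                # Files section: Deny from all
    return "inherit"                 # no dot in the name: neither section
                                     # matches, the parent config decides


def audit(paths):
    """Map every path to the decision the rules would produce."""
    return {p: decision(p) for p in paths}


# Constructed sample listing of an uploads directory.
SAMPLE = [
    "2024/05/photo.jpg",   # listed extension
    "2024/05/scan.JPG",    # upper-case extension is not in the list
    "2024/05/report.pdf",  # not listed until added on line 5
    "2024/05/index.php",   # any other extension
    "2024/05/README",      # no extension at all
]

if __name__ == "__main__":
    for path, result in audit(SAMPLE).items():
        print(f"{result:8} {path}")
```

The "inherit" and upper-case results are the ones to review before deploying: files without a dot are not covered by either section, and media uploaded as .JPG or .PNG stops being served unless those spellings are added to the list.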