WordPress tutorial, How to wordpress secure file upload using apache rules, Here we given apache rule for secure your wordpress file upload functionality.
How to wordpress secure file upload using apache rules
Website security is most important point of any website. In wordpress we need to give 777 permission to wp-content/uploads folder. Some time we don’t want to give the 777 (read, write and execute) permission to folder due to security reason but wordpress do not allow you to upload images or media files to uploads folder.
Tip: Do not give 777 permission to wp-content/uploads folder. In stead change user ownership to apache folder.
What you can do is. You can restrict other file types to upload in uploads folder using simple apache rule. following code you can use in .htaccess file.
Order Allow,Deny Deny from all <FilesMatch ".(jpg|jpeg|jpe|gif|png|tif|tiff)$"> Order Deny,Allow Allow from all
Using above code you can secure your uploads folder and only selected files can be pushed into uploads folder.