https://legacy.forums.gravityhelp.com/topic/file-upload-security Gravity Support Forums Topic: file upload security en-US Mon, 20 Apr 2026 06:30:16 +0000 http://bbpress.org/?v=1.0.1 q https://legacy.forums.gravityhelp.com/search.php https://legacy.forums.gravityhelp.com/topic/file-upload-security#post-19786 Wed, 02 Mar 2011 20:06:07 +0000 trevor-in-alberta 19786@https://legacy.forums.gravityhelp.com/ <p>Thanks! </p> https://legacy.forums.gravityhelp.com/topic/file-upload-security#post-19474 Sat, 26 Feb 2011 22:48:58 +0000 Chris Hajer 19474@https://legacy.forums.gravityhelp.com/ <p>You can also configure your server so that directory indexes are turned off, and files in the directory are not listed. To get to the file, the visitor would have to guess the name. They can probably guess all the locations.</p> <p>On an Apache server, you can add this to a .htaccess file and put it /wp-content/uploads/ or /wp-content/ or even / if you want to turn off directory indexes across the whole site. This will work if the server allows this type of override in at .htaccess file. In any case, this is what to put in the .htaccess file (note the leading dot):</p> <pre><code>Options -Indexes</code></pre> <p>At least that way the directory of files is not listed. There's normally no reason to have directory indexes turn on in a WordPress installation. And you can always override this rule to make the server show indexes for specific directories.</p> <p>This works if you are using Apache on Linux and the server is configured to allow this sort of override in the .htaccess file. If you get a "500 Internal Server Error" (white screen) after adding this rule to you .htaccess file, the server probably does not allow it and this will not work for you. </p> https://legacy.forums.gravityhelp.com/topic/file-upload-security#post-19470 Sat, 26 Feb 2011 20:48:01 +0000 Kevin Flahaut 19470@https://legacy.forums.gravityhelp.com/ <p>You can use a filter to specify your upload location. Here's a previous thread with details.</p> <p><a href="http://www.gravityhelp.com/forums/topic/specify-upload-location#post-12459" rel="nofollow">http://www.gravityhelp.com/forums/topic/specify-upload-location#post-12459</a> </p> https://legacy.forums.gravityhelp.com/topic/file-upload-security#post-19460 Sat, 26 Feb 2011 14:40:39 +0000 trevor-in-alberta 19460@https://legacy.forums.gravityhelp.com/ <p>Just got going with your products and so far I am very happy with your creation.</p> <p>One thing I noticed was with the file upload feature that the files are created in an insecure folder based on the form then date. When it is created it is based on the month without an index.html file in it.</p> <p>/wp-content/uploads/gravity_forms/1/2011/02</p> <p> This may seem nit-picky but for my application of the form I don't want people being able to poke around my folder so I will have to drop my own index.html files all over the place. Can you address my concern.... thank-you </p>