https://legacy.forums.gravityhelp.com/topic/how-do-i-protect-the-uploads-directory Gravity Support Forums Topic: How do I protect the uploads directory? en-US Sun, 19 Apr 2026 18:29:59 +0000 http://bbpress.org/?v=1.0.1 q https://legacy.forums.gravityhelp.com/search.php https://legacy.forums.gravityhelp.com/topic/how-do-i-protect-the-uploads-directory#post-35376 Thu, 15 Sep 2011 02:30:30 +0000 Chris Hajer 35376@https://legacy.forums.gravityhelp.com/ <p>jsride, adding that to your .htaccess file just prevents the files from being listed. If a visitor knew the file name or could guess it, they could still download the file.</p> <p>As Carl mentioned, Gravity Forms 1.6 has more security for the file uploads.</p> <p>Additionally, in the post I linked to, there are measures you can take to make the files less accessible, but at the expense of making things less useful. If you're concerned more about the security than the usability, you'll need to do more work. </p> https://legacy.forums.gravityhelp.com/topic/how-do-i-protect-the-uploads-directory#post-35328 Wed, 14 Sep 2011 15:38:45 +0000 Carl Hancock 35328@https://legacy.forums.gravityhelp.com/ <p>@jsride As Chris mentioned on some hosts adding this to your .htaccess prevents directory listings from being returned when a user browses to a folder.</p> <p>Gravity Forms v1.6, which is currently a beta release, implements more file upload security. This includes creating dummy index.php file to prevent directory listings. </p> https://legacy.forums.gravityhelp.com/topic/how-do-i-protect-the-uploads-directory#post-35322 Wed, 14 Sep 2011 15:26:36 +0000 jsride 35322@https://legacy.forums.gravityhelp.com/ <p>So all I need to do is add “Options –Indexes” to .htaccess? Since I’m a novice user, can you tell me how this stops people from accessing the uploads folder? </p> https://legacy.forums.gravityhelp.com/topic/how-do-i-protect-the-uploads-directory#post-35136 Tue, 13 Sep 2011 02:52:28 +0000 Chris Hajer 35136@https://legacy.forums.gravityhelp.com/ <p>In addition, make sure that directory indexes are turned off for the wp-content/uploads directory, You can do this on most hosts by adding a line to your .htaccess:</p> <pre><code>Options -Indexes</code></pre> https://legacy.forums.gravityhelp.com/topic/how-do-i-protect-the-uploads-directory#post-35135 Tue, 13 Sep 2011 02:51:25 +0000 Chris Hajer 35135@https://legacy.forums.gravityhelp.com/ <p>Does this help?<br /> <a href="http://www.gravityhelp.com/forums/topic/privacy-of-uploaded-content#post-30396" rel="nofollow">http://www.gravityhelp.com/forums/topic/privacy-of-uploaded-content#post-30396</a> </p> https://legacy.forums.gravityhelp.com/topic/how-do-i-protect-the-uploads-directory#post-35019 Sun, 11 Sep 2011 09:06:44 +0000 jsride 35019@https://legacy.forums.gravityhelp.com/ <p>The gravity forms uploads directory is accessible via a browser. How can I protect it? </p>