The gravity forms uploads directory is accessible via a browser. How can I protect it?
PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.
How do I protect the uploads directory?
-
Posted 13 years ago on Tuesday September 13, 2011 | Permalink
-
In addition, make sure that directory indexes are turned off for the wp-content/uploads directory, You can do this on most hosts by adding a line to your .htaccess:
Options -IndexesPosted 13 years ago on Tuesday September 13, 2011 | Permalink -
@jsride As Chris mentioned on some hosts adding this to your .htaccess prevents directory listings from being returned when a user browses to a folder.
Gravity Forms v1.6, which is currently a beta release, implements more file upload security. This includes creating dummy index.php file to prevent directory listings.
Posted 13 years ago on Wednesday September 14, 2011 | Permalink -
jsride, adding that to your .htaccess file just prevents the files from being listed. If a visitor knew the file name or could guess it, they could still download the file.
As Carl mentioned, Gravity Forms 1.6 has more security for the file uploads.
Additionally, in the post I linked to, there are measures you can take to make the files less accessible, but at the expense of making things less useful. If you're concerned more about the security than the usability, you'll need to do more work.
Posted 13 years ago on Thursday September 15, 2011 | Permalink
