PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

How do I protect the uploads directory?

  1. The gravity forms uploads directory is accessible via a browser. How can I protect it?

    Posted 7 years ago on Sunday September 11, 2011 | Permalink
  2. In addition, make sure that directory indexes are turned off for the wp-content/uploads directory, You can do this on most hosts by adding a line to your .htaccess:

    Options -Indexes
    Posted 7 years ago on Tuesday September 13, 2011 | Permalink
  3. So all I need to do is add “Options –Indexes” to .htaccess? Since I’m a novice user, can you tell me how this stops people from accessing the uploads folder?

    Posted 7 years ago on Wednesday September 14, 2011 | Permalink
  4. @jsride As Chris mentioned on some hosts adding this to your .htaccess prevents directory listings from being returned when a user browses to a folder.

    Gravity Forms v1.6, which is currently a beta release, implements more file upload security. This includes creating dummy index.php file to prevent directory listings.

    Posted 7 years ago on Wednesday September 14, 2011 | Permalink
  5. jsride, adding that to your .htaccess file just prevents the files from being listed. If a visitor knew the file name or could guess it, they could still download the file.

    As Carl mentioned, Gravity Forms 1.6 has more security for the file uploads.

    Additionally, in the post I linked to, there are measures you can take to make the files less accessible, but at the expense of making things less useful. If you're concerned more about the security than the usability, you'll need to do more work.

    Posted 7 years ago on Thursday September 15, 2011 | Permalink