• thomasvansundert

    (@thomasvansundert)


    Hi,
    I’m looking for a clear answer to the following question: how can I make sure WordPress can upload media to my wp-content/uploads folder without having security risks?

    The only way I got WordPress to upload files is by setting chmod 777 on the download directory.

    What will the security implications be when I set:

    <IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </IfModule>

    in my .htaccess file?

    Also, when I set the following lines in my .htaccess-file:

    Order Allow,Deny
    Deny from all
    <Files ~ "\.(jpeg|jpg|png|gif|gz)$">
    Allow from all
    </Files>
    AddType text/plain .pl .cgi .php
    Options -ExecCGI
    AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
    <FilesMatch "\.(php|pl|py|jsp|asp|htm|shtml|sh|cgi)$">
    ForceType text/plain
    </FilesMatch>

    Will this make any difference?

The topic ‘Uploads folder and security’ is closed to new replies.
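
An added example, not part of the original post or of WordPress itself: a shell audit for the two risks the question raises, world-writable (`chmod 777`) paths and server-side script files sitting under the uploads directory. The function names are hypothetical, and `tighten` assumes PHP runs as the user that owns the files, so that owner-only write access is enough for uploads to work.

```shell
#!/bin/sh
# Added example: audit a WordPress uploads tree for the two problems the
# post asks about. All function names are hypothetical.

# List every file or directory that any local account can write to
# (the "other" write bit, which chmod 777 sets).
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print
}

# List files whose extension is in the post's own FilesMatch list of
# script types; a media directory should normally contain none of them.
script_files() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.pl' -o -iname '*.py' \
        -o -iname '*.jsp' -o -iname '*.asp' -o -iname '*.shtml' \
        -o -iname '*.sh' -o -iname '*.cgi' \) -print
}

# Replace 777 with owner-only write: directories 755, files 644.
# Assumption: the PHP process runs as the owner of these files.
tighten() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# One-line summary that is easy to log or compare between runs.
audit_uploads() {
    ww=$(world_writable "$1" | wc -l | tr -d ' ')
    sc=$(script_files "$1" | wc -l | tr -d ' ')
    echo "world_writable=$ww scripts=$sc"
}

# Usage: sh audit.sh /path/to/wp-content/uploads
if [ -n "${1:-}" ]; then
    audit_uploads "$1"
fi
```

Changing permissions does not remove script files that are already present; anything `script_files` reports needs to be reviewed by hand.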