Hi,
Slightly confusing question you have asked. Are you asking how to hide wp-content folder from direct access via a browser?
The Sucuri plugin does this Im sure but you mention you dont want a plugin. Well you could install it and see how it does it and the copy the way it does it and delete the plugin.
Im guessing its either by adding a blank index.php file to each directory like in the /wp-content/ folder or maybe its and htaccess thing.
I just tried adding a blank index.php to the uploads folder and that seems to work. Just copy the one from your wp-content folder into the uploads folder and check.
I looked at how Sucuri does this and the plugin adds a .htaccess file to the uploads directory which contains:
<FilesMatch "\.(?i:php)$">
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
So create an htaccess file and add the above code to it and place it in your uploads directory.
