How to Protect Your Media Within http://www.yourdomainname.com/wp-content/uploads?

8 replies
Hello Warriors,

While some or most of you might have known the answer to this question already, I would still like to share what we have discovered today.

We found out that the "/wp-content/uploads" directory of one of our business partner's websites, where they put in rich resources and valuable tools in their business, has been widely accessible to the public for so long. That's the main reason why they were seeing suspicious traffic on that specific folder. We recommended 2 days to them so no vulture can download all files from their "/wp-content/uploads" directory.

First Way: De-Indexing the Directory
1. Go to your CPanel.
2. Find 'Index Manager' at the very bottom.
3. Select 'No Indexing' either to your entire site or to specific directories/folders only.

Second Way: Password Protecting the Directory
1. Go to your CPanel.
2. Find 'Password Protect Directories.'
3. Select the directory/folder that you would like to be secured.

I hope this helps.
#media #protect
  • Profile picture of the author webovative
    Looks like the first one just updates your robots.txt file to tell robots not to crawl that directory

    The second one password protects a directory

    use either one on your wp-content directory and kiss your traffic goodbye

    the second one is particularly bad since it will ask users for a password ever time they look at a blog post and then deliver an access denied if they don't have it
    {{ DiscussionBoard.errors[6511420].message }}
    • Profile picture of the author contentwriting360
      Banned
      @webovative: They don't mind traffic to that particular domain. They're just using it somewhat like a repository of their business tools. Of course, you wouldn't do any of those two if you're monetizing your sites through traffic.
      {{ DiscussionBoard.errors[6511426].message }}
      • Profile picture of the author JohnMcCabe
        An even easier way to protect the contents of the directory is to drop a blank index file in the folder. When someone types the url for the folder into their browser, the server first looks for a default 'home' page. If it finds one, it serves that; else it serves a directory listing.

        A variant is to make the folder's home page a redirect to the site's home page. You can still access the contents of the folder by the full filename url, but you won't get the directory listing.
        {{ DiscussionBoard.errors[6513552].message }}
        • Profile picture of the author contentwriting360
          Banned
          Originally Posted by JohnMcCabe View Post

          A variant is to make the folder's home page a redirect to the site's home page. You can still access the contents of the folder by the full filename url, but you won't get the directory listing.
          Hello John,

          I'm glad you brought out that idea. Please advise me on this. If I were to apply this to the /wp-content/uploads directory, all contents that are in that directory won't be crawled anymore? Will it affect the ranking of the website?

          Your response is highly-appreciated.

          Originally Posted by contentwriting360 View Post

          First Way: De-Indexing the Directory
          1. Go to your CPanel.
          2. Find 'Index Manager' at the very bottom.
          3. Select 'No Indexing' either to your entire site or to specific directories/folders only.
          {{ DiscussionBoard.errors[6513633].message }}
          • Profile picture of the author JohnMcCabe
            Originally Posted by contentwriting360 View Post

            Hello John,

            I'm glad you bring out that idea. Please advise me on this. If I were to apply this to the /wp-content/uploads directory, all contents that are in that directory won't be crawled anymore? Will it affect the ranking of the website?

            Your response is highly-appreciated.
            It should stop the crawling because the spider will follow the path a human would. When it gets to that link, it will find the redirect (I use plain php 'permanent' redirects) and follow that back to the home page.

            I've always used it more for stopping human scavengers.

            As to how it might affect the ranking, that depends on how much the content of that directory are influencing the ranking now. If I could tell you that, I'd be dictating this to my gorgeous assistant from my tropical island, sipping something cold and watching the surf roll in...
            {{ DiscussionBoard.errors[6514957].message }}
            • Profile picture of the author contentwriting360
              Banned
              Originally Posted by JohnMcCabe View Post

              It should stop the crawling because the spider will follow the path a human would. When it gets to that link, it will find the redirect (I use plain php 'permanent' redirects) and follow that back to the home page.

              I've always used it more for stopping human scavengers.

              As to how it might affect the ranking, that depends on how much the content of that directory are influencing the ranking now. If I could tell you that, I'd be dictating this to my gorgeous assistant from my tropical island, sipping something cold and watching the surf roll in...
              Thanks for your response, John. If I may abuse your kindness and knowledge, I'll ask again.

              Where are our pages and posts saved/located? in the /wp-contents or /wp-contents/upload directory? I've been searching for that in Google. I'm not sure if I'm just using the wrong search string or what but I can't find the answer.

              Thanks for your usual support.
              {{ DiscussionBoard.errors[6514976].message }}
  • Profile picture of the author UMS
    Pages and posts are saved in your WordPress database. The uploads folder contains images/files/videos that have been uploaded.

    In most modern WP installs, the contents under wp-content is not available to browse.
    {{ DiscussionBoard.errors[6515052].message }}
    • Profile picture of the author JohnMcCabe
      Originally Posted by UMS View Post

      Pages and posts are saved in your WordPress database. The uploads folder contains images/files/videos that have been uploaded.

      In most modern WP installs, the contents under wp-content is not available to browse.
      Well, I'm kind of a 'belt and suspenders' kind of guy, and I got into the habit of dropping those trick home pages into any directory I didn't want snooped several years ago...
      {{ DiscussionBoard.errors[6515850].message }}

Trending Topics