How to block access to the wp-content uploads & wp-Includes folder

By default, everyone is able to access and browse through your wp-content folder by adding ‘wp-content/uploads’ to your domain name. This means they’ll be able to see all ‘Media’ files you have uploaded to WordPress. In a lot of cases, you don’t want this to happen, as some files aren’t supposed to be accessible to everyone. For instance, you might have an ebook uploaded, that you only want to give away to people that subscribe to your email list. You can block access to these folders by editing the .htaccess file. for your site.

This file is located in the root directory of your WordPress website. There are multiple ways to access and edit the .htaccess file. In this video, I’m using the cPanel file manager.

If you’re using cPanel, click ‘File Manager’, then select the site you want to do this for. Make sure you have ‘Show Hidden Files (dotfiles).’ Selected! If you don’t, you won’t be able to see your htaccess file.

Click ‘Go’ to go to the root directory of your site. In File Manager, select your .htaccess file, then right-click, and click ‘Code Edit’. Click ‘Edit’.

On a blank line add the following code: “Options -Indexes” Then click ‘Save’, to save the .htaccess file.

Options -Indexes

Once the file is saved, you can close the editor and File Manager. As you can see, visiting any part of your WP-content directory now gives the “Error – 403 Forbidden”. Done! Access to media files inside these directories, is, of course, still possible if you have the full URL to a file.

Chockalingam