Protect your WordPress Default Upload Directory

This article describes how you can secure your WordPress default upload directory to protect your files, especially premium themes and plugins.

WordPress is the best CMS available for blogging, though it has a number of vulnerabilities, as nothing is 100% safe. By default, the WordPress upload folder has file permission 755 and no blank index file, and is thus exposed to vulnerabilities.

What is the problem with that?

Well, the problem is that your valuable themes and plugins are exposed to others, which is risky and dangerous. Others can also download and use the themes and plugins on which you have spent a lot of money (see example). A hacker can easily find and reach your upload folder via this query on Google.

How to Secure your WordPress Default Upload folder

Step 1: Never upload your theme or plugin via the WordPress dashboard.

To upload themes and plugins you can use FTP or SFTP. SFTP (SSH File Transfer Protocol) is more secure because the file transfer is encrypted, so your transfer is safer.

Step 2: Create a blank index.html or index.php to confuse others.

You can secure your folder by creating an empty index.html or index.php and uploading it to wp-content/uploads. This protects your WordPress upload directory. I have created an index file which shows an error message with the IP address to confuse hackers or ordinary users. You can copy the code from here and save it as index.html for it to work properly.

Step 3: Disable Directory browsing using .htaccess code.

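This is the best method to protect your files and folders from hackers and bad people. To disable directory browsing, add the following line to your .htaccess file. Don’t forget to take a backup before doing anything.

Options -Indexes

The directive is written as -Indexes on its own because Apache 2.4 rejects an Options line that mixes a bare keyword such as All with a +/- keyword. After adding this line to .htaccess, WordPress directory browsing is disabled and no one can browse the list of your files or folders. A file can still be fetched by anyone who knows its exact URL, so this hides the listing rather than restricting access to the files themselves.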
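An added example (not code from the original article): a small Python audit that walks wp-content/uploads and reports every folder Apache would still list, meaning one with no index file (Step 2) and no Options -Indexes in its own or a parent .htaccess (Step 3). It assumes the server honours .htaccess, uses index.html/index.php as index files and allows listings by default; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

INDEX_FILES = ("index.html", "index.php")  # assumption: the server's DirectoryIndex
OPTIONS_RE = re.compile(r"^[ \t]*Options[ \t]+(.+)$", re.I | re.M)

def indexes_setting(htaccess_path):
    """True/False if this .htaccess turns listings on/off, None if it is silent."""
    if not os.path.isfile(htaccess_path):
        return None
    state = None
    with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
        for args in OPTIONS_RE.findall(fh.read()):
            tokens = args.lower().split()
            if "-indexes" in tokens:
                state = False
            elif {"indexes", "+indexes", "all"} & set(tokens):
                state = True
            elif tokens and not any(t[0] in "+-" for t in tokens):
                state = False  # absolute list without Indexes replaces inherited options
    return state

def listable_dirs(webroot, subdir=os.path.join("wp-content", "uploads")):
    """Directories under subdir for which Apache would generate a listing."""
    webroot = os.path.abspath(webroot)
    exposed = []
    for current, _dirs, files in os.walk(os.path.join(webroot, subdir)):
        if any(name in files for name in INDEX_FILES):
            continue  # Step 2: the index file is served instead of a listing
        state, probe = None, current
        while state is None:  # Step 3: the nearest .htaccess with an opinion wins
            state = indexes_setting(os.path.join(probe, ".htaccess"))
            if probe == webroot:
                break
            probe = os.path.dirname(probe)
        if state is not False:  # assumption: the main server config allows Indexes
            exposed.append(os.path.relpath(current, webroot))
    return sorted(exposed)

def demo():
    """Constructed tree: index.html at the top, one .htaccess, dated folders bare."""
    with tempfile.TemporaryDirectory() as root:
        up = os.path.join(root, "wp-content", "uploads")
        for d in ("2011/07", "private"):
            os.makedirs(os.path.join(up, d))
        open(os.path.join(up, "index.html"), "w").close()
        with open(os.path.join(up, "private", ".htaccess"), "w") as fh:
            fh.write("Options -Indexes\n")
        return listable_dirs(root)
```

In the constructed tree the index.html in uploads does not cover uploads/2011 or uploads/2011/07, which is why a single index file from Step 2 protects less than one .htaccess rule from Step 3 placed at the top of the site.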

Bonus Tip: To harden your WordPress for more security you can secure your wp-includes folder, your wp-config.php file and MySQL, change file and folder permissions, etc. Read here for more details.

How to Install WordPress Locally on your Computer

WordPress is definitely the best CMS for blogging, as it is famous for its “5-Minute Install” and is easy to use. As a webmaster or blogger you need to test new themes and plugins regularly, but this may sometimes go wrong and take your site down. To avoid that, you can test your themes and plugins locally on your PC without any fear and at much faster speed.

WordPress (version 3.2) has the following requirements:

  • PHP version 5.2.4 or greater
  • MySQL version 5.0.15 or greater
  • (Optional (required for multi-site)) Apache mod_rewrite module (for clean URLs known as Permalinks)

It is difficult to install an Apache web server on your computer, and it gets harder if you want to add MySQL, PHP and Perl, though for WordPress you only need PHP and MySQL. I’m using XAMPP to install PHP and MySQL on my computer, and then WordPress.

XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. It is really very easy to install and to use – just download, extract and start.

Steps To Install WordPress Locally on your Computer.

1) Download the Windows installer of XAMPP from here and install it according to the instructions.

2) Click the Next button to install XAMPP.

3) Choose your install location. By default, XAMPP is installed in C:\xampp

4) Select which services to install. Skip FileZilla, as it is not required; however, you can install it later.

5) You will get the notification “Service Installation is finished”. Click “ok” to continue.

6) Your installation is now finished. Click “Finish” to continue.

7) After installation you will be able to see the XAMPP Control Panel, which has various buttons for settings and other purposes.

8) Click the Admin button beside Apache in the XAMPP Control Panel to get started.

9) Then click “Status” in the menu bar to see which components are running. Change your passwords for Apache and MySQL by opening http://localhost/security/xamppsecurity.php in your browser. You can also check your local server security at http://localhost/security/index.php and then do as required.

10) Now it’s time to create a database in phpMyAdmin. To create the database, open the XAMPP Control Panel from the notification area and click “admin” beside MySQL (see the picture under the 6th point). Log in with the username and password you have just created. Enter wordpress or any other name under “Create new database” and click Create.

11) Now that you have created a database, it’s time to connect it with WordPress. Download WordPress and extract it to C:\xampp\htdocs using WinRAR or WinZip.

12) You now have two options for installing WordPress: the first is editing the sample-config.php file manually, and the other is installing directly via WordPress. I’m showing the second method.

Open any browser and go to the URL http://localhost/wordpress and you will get a configuration error.

13) Now click “Create a configuration File” to create the config.php file.

14) Enter all the details, such as the database name, username and password, the same as you created in phpMyAdmin. Leave Database Host and Table Prefix at their defaults. Then click Submit to create the config.php file.

15) After creating the config.php file you will get the option to install WordPress. Run the installation by clicking it.

16) Enter your site details and passwords for the full installation and click “Install WordPress”.

This is your last step, and now you can sign in to WordPress and test your themes and plugins locally. Go to http://localhost/wordpress/wp-login.php for your admin panel and to http://localhost/wordpress/ for the homepage.
