This article describes how you can secure your WordPress Default Upload directory to protect your files especially Premium Themes and plugins.
WordPress is the best CMS available for blogging, though it has number of vulnerabilities as nothing is 100 % safe. By default, WordPress Upload folder has file permission 755 without any blank index file and thus exposes to vulnerabilities.
What is Problem in that ?
Well problem is that your valuable Themes and Plugins are exposed to others, which is risky and dangerous. Also others can download and use your themes and plugins for which you have spent lot of money (see example). Hacker can easily find and reach to your upload folder via this query on Google.
How to Secure your WordPress Default Upload folder
Step 1: Never upload your Theme or plugin via WordPress dashboard.
To upload themes and plugin you can use FTP or SFTP .SFTP or SSH File Transfer Protocol are more secured as file transfer is encrypted and thus your transfer is more safe.
Step 2: Create a blank index.html or index.php to confuse others.
You can secure your folder by creating an empty index.html or index.php and upload it to wp-content/uploads. By this you are protecting your WordPress upload directory. I have created an index file which shows error message with ip-address to confuse hacker or usual users.You can copy code from here and save it as index.html to work properly.
Step 3: Disable Directory browsing using .htaccess code.
This best method to protect your files and folder from hackers and bad people. To disable directory browsing add following code in your .htaccess file. Don’t forget take back up before doing any thing.
Options All -Indexes
After adding code to .htaccess your website is secured by disabling wordpress directory browsing and no one can view your files or folder.
Bonus Tip: To Harden your WordPress for more security you can secure your wp-includes folder,wp-config.php file,My SQL,change file and folder permission, etc. Read here for more details.