How to Protect the WP-CONTENT Folder of Your WordPress Website

May 26th, 2017 | by Ravi Chahar || 2 Comments |

For a WordPress website, the whole content is present in the wp-content folder. It’s possible that hackers can upload new files. It’s important to protect the wp-content folder for better security.

The security has always been a concern to many. Most of the WordPress users don’t really pay attention to this which turns out to be a fatal for them.

Just like this folder, it’s also recommended to protect the .htaccess file and the wp-config.php file. These are two most important files for your website.

In this tutorial, you will learn the way to protect the wp-content folder add using the .htaccess file.

What Should You Protect This Folder

Before you jump directly into the coding stuff, you should know the reasons.

As you all know, whenever you upload any plugin, the theme, it gets stored in the wp-content folder of your WordPress directory.

Hackers can upload the similar files to this folder and run the malicious code. It can be spread to your whole website.

There are some particular types of files which should be run by a WordPress website. Apart from those, no extra file should be executed.

All the images, cached data is stored in this folder. It’s like the most necessary file of your WordPress website which is responsible for storing most of the data.

Create a New “.htaccess” File and Add the Code

You may be confusing with the main .htaccess file of your WordPress website. It’s not the same file where you add many codes to protect different files and folders.

Well, to protect the wp-content folder, you have to create a new .htaccess file and upload it in this folder.

It’s just a text file, nothing complicated. Create a text file with the name “.htaccess“. It’s because this file is a hidden file which should be named with a dot.

Add the code in this file.

Save the file and now you have to upload it the wp-content folder of your WordPress website directory.

It can be done using the cPanel. Just open the file manager and in the public_html directory, you can easily find the wp-content folder.

Use the upload button showing in the main navigation menu. It will open a new tab from where you can choose the text file you have created. Upload it and you’re done.

You have successfully protected your website data folder.

What does that code mean? Have you even thought about it?

Well, this code is allowing the upload of only the XML, CSS, JPG, JPEG, PNG, GIF, and JavaScript files. No other type of file can be uploaded.

As hackers create some unknown files with different extensions. So you’re safe from all those files.

It can be challenging for many because website security can be overwhelming. There are many vulnerabilities which are required to get covered.

There is a manual method to protect each file of your WordPress website. But if don’t want to do any coding stuff then you can use a security plugin which has all the features.

Isn’t that easy to Protect the WP-CONTENT Folder

From all those security threats, you should always be ready. There are many website security tips which can help you.

You can also take a few steps for the security of your WordPress admin panel. You can password protect the admin directory.

You can also add a security question to WordPress login page of your website. There are many other things which can be done.

I hope you liked the article and can easily protect the wp-content folder. If you face any problem, feel free to drop a comment.

You can also connect with us on Twitter, LinkedIn, and Facebook.