Is it possible to move the entire wp-content folder outside of the Web root? I need to prevent anyone to view any asset file (images, pdfs, movies etc) with a direct url to the file…
Any ideas? Or could I do this safely with htaccess?
Leave a Reply
You must be logged in to post a comment.
See Ben Word – How to Hide WordPress
Summary:
I would highly recommend that you NOT move wp-content outside of the docroot. WordPress utilizes wp-content for more than uploads. This would have a huge impact on the accessibility of themes and plugins.
WordPress uploader will not play well with this scenario, and you’re only allowed to add an alternate relative relative path to the WordPress URI as well (Settings->Media), which means WordPress is constricted to uploading to the docroot. This makes sense because 99.99999999% of sites would never need this functionality.
This would be a bear of a project to tackle within WordPress from scratch. I would recommend that you use Amazon S3 and install a plugin like CDN Vault. They claim to protect locally hosted files and cloud hosted files on S3. I haven’t verified either, but it looks like a good start.
Hope this helps you out!