I want to restrict access to some files uploaded via the admin interface but I cannot rely on the ability to use .htaccess
(could be turned off, or they might be using a non-apache web server). I cannot rely on having access to a folder outside the web root, so is there either a directory protected from viewing in wordpress or some way wordpress enables writing files that cannot be viewed publicly?