Images/Files stored in upload folder are openly accessible #172

Open
avonville opened this issue Sep 12, 2022 · 0 comments
Labels
enhancement New feature or request

@avonville
Collaborator

https://wordpress.org/support/topic/store-attachement-elsewhere/

Should we look into a more secure option? For instance, how Gravity Forms stores uploads.

From Gravity Forms.

The Gravity Forms Uploads Folder
Gravity Forms creates a subfolder structure in the WordPress uploads root which is used to save uploaded files. Files are stored in folders with unique names created with the same algorithm WordPress uses (salted HMAC-MD5) and are impossible to crack with brute force. A folder containing the files for the form will have a path similar to this:
/path/to/wordpress/wp-content/uploads/gravity_forms/82-ea1cf844318d032fd7e8fa8w1dacdfbe
You will notice empty index.html files in all of the subfolders. The purpose of these files is to prevent directory listings appearing in search engines for Web servers that are poorly configured. Please don’t remove these files, they are there to protect you.

@avonville avonville self-assigned this Sep 12, 2022
@avonville avonville added the enhancement New feature or request label Sep 12, 2022
@avonville avonville changed the title Images stored in upload folder are openly accessible Images/Files stored in upload folder are openly accessible Sep 12, 2022
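
The folder scheme quoted above (an ID plus a keyed-hash suffix, with an empty index.html in each subfolder) can be sketched in plain PHP. This is an added example, not code from Gravity Forms or from this project; the `my_plugin` folder, the function names and the demo salt are assumptions, and the random file name with an extension allow-list goes beyond what the quoted text describes.

```php
<?php
// Added example, not code from Gravity Forms or this plugin.
// Assumption: $secret stands in for the site salt (in WordPress, wp_hash()
// computes an HMAC-MD5 of its input keyed with wp_salt()). "my_plugin" is hypothetical.

function upload_folder_name(int $form_id, string $secret): string {
    // Keyed hash: without the secret, the suffix cannot be derived from the form ID.
    return $form_id . '-' . hash_hmac('md5', (string) $form_id, $secret);
}

function ensure_upload_folder(string $uploads_root, int $form_id, string $secret): string {
    $base = rtrim($uploads_root, '/') . '/my_plugin';
    $dir  = $base . '/' . upload_folder_name($form_id, $secret);
    if (!is_dir($dir) && !mkdir($dir, 0755, true) && !is_dir($dir)) {
        throw new RuntimeException("Cannot create upload folder: $dir");
    }
    // Empty index.html at each level so a server with auto-indexing enabled
    // serves a blank page instead of a file listing.
    foreach ([$base, $dir] as $d) {
        $index = $d . '/index.html';
        if (!file_exists($index)) {
            file_put_contents($index, '');
        }
    }
    return $dir;
}

function store_upload(string $dir, string $original_name, string $contents): string {
    // Keep only an allow-listed extension; never reuse the client-supplied name.
    $ext = strtolower(pathinfo($original_name, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'pdf'], true)) {
        throw new InvalidArgumentException("Extension not allowed: $ext");
    }
    $path = $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    file_put_contents($path, $contents, LOCK_EX);
    return $path;
}

// Constructed demo values; runs offline against a temp directory.
$secret = 'constructed-demo-salt';
$root   = sys_get_temp_dir() . '/uploads-demo';
$dir    = ensure_upload_folder($root, 82, $secret);
$file   = store_upload($dir, 'photo.PNG', 'constructed bytes');
echo "folder: $dir\nfile:   $file\n";
```

The unguessable folder and file names only hide the path: anyone who obtains a file's URL can still fetch it, so files that must stay private need an access check in front of them or storage outside the web root.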