WP-Content Uploads: What It Is and How to Upload Files in WordPress
The WP-Content directory plays a significant role in all WordPress sites. It houses your website’s content, including file and media uploads as well as the assets of all the plugins and themes installed on your WordPress site. If you delete this directory, your website will crash.
Due to its importance, this folder is a popular target of hackers. To minimize security risks, website owners should know how to access, manage, and protect their WP-Content directory properly.
This article will cover the steps to access and upload the WP-Content directory. We will also teach you how to hide the WP-Content/Uploads folder from the public, preventing hackers from attempting backdoor attacks on your WordPress site.
What Is the WP-Content Folder?
It’s a core folder within your WordPress website that stores all your site files. Its content includes but isn’t limited to media uploads and files belonging to your installed plugins and themes.
How to Access the WP-Content Folder
- Log in to your web hosting account and navigate to Hosting -> Manage.
- Upon entering the Hosting Account page, scroll down to the Files section and select File Manager.
- Double-click your root directory (public_html) and locate the WP-Content directory within.
How to Upload the WP-Content Folder
When uploading your site to a different web server, you need to upload the WP-Content folder to the new WordPress installation via File Manager or SFTP. This time, we’ll explain the steps how to do it using the latter method:
- Establish an FTP connection using an FTP client.
- The left panel will display your local computer files, while the right panel will showcase your remote WordPress website directories. Make sure the right panel has your root directory open (public_html).
- Drag-and-drop the WP-Content folder from the left panel to the right panel. A pop-up warning will appear asking for confirmation to overwrite or merge the existing WordPress files. If it’s a fresh WordPress installation, you can choose to overwrite them – click OK.
This method also works for uploading media files to your WordPress Media Library. If you don’t have access to the admin dashboard, you can use an FTP client to access the WP-Content/Uploads directory and add files there for later use.
How to Hide the WP-Content Folder
Your WP-Content repository is an ideal entry point for hackers to access your website’s sensitive information or inject malicious code into it. To reduce the risk of cyberattacks, we recommend hiding its URL path.
There are two ways to hide the WP-Content folder ‒ using a WordPress plugin or manually.
Many WordPress security plugins have a feature that secures website directories. The following are the steps to secure your WP-Content folder using the WP Hardening plugin:
- Install and activate the plugin.
- Navigate to WP Hardening -> Security Fixers from your WordPress dashboard.
- Expand the Server Hardening section and toggle the option next to Hide directory listing of WP includes. Doing so will hide your directories’ URL path, preventing third parties from discovering your directory structure and browsing your site’s content.
The manual method requires adding code to the .htaccess file. Here’s how to block access to the WP-Content/Uploads folder and disable PHP execution in it:
- Navigate to your WP-Content/Uploads directory from the root directory using File Manager.
- Locate the .htaccess file (or create a new file in the .htaccess format if there’s none present) and add the following code:
# Kill PHP Execution <Files ~ ".ph(?:p?|t|tml)$"> deny from all </Files> Order Allow, Deny Deny from all Allow from all
- Save the changes.
Other Suggested Reading
A WordPress site cannot function without a WP-Content directory. By understanding its role on your website and how it works, you’ll be able to maintain its operations and secure the folder from hackers. We hope this article has shed some light on the operation and importance of the WP-Content directory. Good luck.