By default WordPress is very secure but you can still improve it. This is a code you need to apply in a new .htaccess file you will upload in the ‘wp-content/uploads’ folder. By default WordPress is configured to use the ‘wp-content/uploads’ directory. You can think of it as ‘box’ where your media files or images are saved when you upload them while creating your articles under WordPress.
This example will only accept images files. If you want to upload other file types, add the file extensions to the list.
# BEGIN WordPress <Files ~ ".*..*"> Order Allow,Deny Deny from all </Files> <FilesMatch ".(jpg|jpeg|jpe|gif|png|tif|tiff)$"> Order Deny,Allow Allow from all </FilesMatch> # END WordPress
Follow the above steps and you will have a more secure WordPress uploads folder that you can start using to be able to save those photos you need to include into your blog/site articles.