For the past few months, I’ve been working on my websites locally, using Docker, Python scripts, GitHub, and Cloudflare Pages to make my sites static.
Since bots don’t know that, I still get all sorts of attacks as if it was possible to hack one of my sites.
I was already blocking access to “wp-admin” and “wp-includes”, and I wanted to block the “wp-content” folder entirely, but if I block that folder, I block access to important files such as images, PDF files, and audio.
So I opted for changing the default media upload directory so I could block the whole “wp-content” folder from this point forward.
It didn’t take much to make that decision, since I am not using any plugins and I use a custom theme.
You will have to do three things if you want to do this:
- Figure out if you really can do this.
- Create a folder and call it whatever you prefer.
- Copy the content of the default media upload directory to a new location.
- Use PHP to change the default media upload directory.
- Search and replace some content.
Let me give you some tips on how to do it.
Why Should you do this?
Since media files are intended to be publicly accessible, storing them in a dedicated directory outside the default WordPress folder ensures that your media is not mixed with essential site files.
This separation makes it easier to manage and back up your site.
I can move my site anywhere by taking the folder with all media files, my mu-plugin, my custom theme and my database.
Who Should do this?
You can change the default media upload directory if you really want to do that.
Just make sure that there is no conflict with the plugins and theme you are using. You are the only one who can figure that out.
You should feel comfortable with:
- Creating Backups of your DB and WordPress Installation
- Making changes to your WordPress Installation.
- Running SQL Commands
Create the new Folder and Move Files to it
You can name the new default media upload directory whatever you prefer, such as uploads, content, files, media, or assets.
I chose “assets”, so I created a folder with that name in the root folder.
Then I copied the content of “wp-uploads” to the “assets” folder.
Mu-Plugin to Change the Default Media Upload Directory
This PHP code is a WordPress plugin that customizes the upload directory for WordPress media files.
It changes the upload directory to an /assets folder located in the root directory of the WordPress installation.
<?php
/**
 * Plugin Name: Assets - Custom Upload Directory
 * Description: Sets WordPress uploads directory to /assets in the root folder
 * Version: 1.1
 * Author: TicoLibre.com
 */

// Prevent direct access to this file
if (!defined('ABSPATH')) {
    die('Direct access not permitted');
}

// Define the upload directory constant (WordPress resolves it relative to ABSPATH).
// The guard avoids a redefinition warning if wp-config.php already sets UPLOADS.
if (!defined('UPLOADS')) {
    define('UPLOADS', 'assets');
}
By the way, you will find some tutorials instructing you to modify wp-config.php.
This mu-plugin has proven to do that without a problem.
Search and Replace
Make a backup of your database every time you are about to run an SQL command.
This is the SQL command I used to preview the changes I was about to make:
SELECT *
FROM wp_posts
WHERE post_content LIKE '%wp-content/uploads%';
And this is the SQL command I used to replace “wp-content/uploads” with “assets”:
UPDATE wp_posts
SET post_content = REPLACE(post_content, 'wp-content/uploads', 'assets')
WHERE post_content LIKE '%wp-content/uploads%';
I also needed to make some changes to the wp_postmeta table because of custom fields.
This is what I did to preview the content I was about to change:
SELECT meta_id, post_id, meta_key, meta_value
FROM wp_postmeta
WHERE meta_value LIKE '%wp-content/uploads%';
And this is the SQL command I used to replace “wp-content/uploads” with “assets”:
UPDATE wp_postmeta
SET meta_value = REPLACE(meta_value, 'wp-content/uploads', 'assets')
WHERE meta_value LIKE '%wp-content/uploads%';
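The REPLACE() on meta_value above rewrites text without touching the s:<length>: prefixes of PHP-serialized data, so a custom field stored as a serialized array stops unserializing once “wp-content/uploads” shrinks to “assets”. The Python below is an added example, not code from the original post: it applies the same replacement to one meta_value while recomputing those byte lengths; the function names and the sample row are constructed for illustration.

```python
import re

# Header of a PHP-serialized string token: s:<byte length>:"
STR_HEADER = re.compile(rb's:(\d+):"')
# Heuristic: value is a serialized array, object or string at top level
LOOKS_SERIALIZED = re.compile(rb'^(?:a:\d+:\{|O:\d+:"|s:\d+:").*[;}]$', re.S)


def rewrite_serialized(data: bytes, old: bytes, new: bytes) -> bytes:
    """Replace old with new inside every string token and recompute its length."""
    out, i = bytearray(), 0
    while i < len(data):
        m = STR_HEADER.match(data, i)
        if not m:
            out += data[i:i + 1]       # structural byte (a:2:{, i:7;, ...): copy as-is
            i += 1
            continue
        start = m.end()
        end = start + int(m.group(1))  # the prefix counts bytes, not characters
        if data[end:end + 2] != b'";':
            raise ValueError(f"corrupt string token at offset {i}")
        body = data[start:end].replace(old, new)
        out += b's:%d:"%s";' % (len(body), body)
        i = end + 2                    # skip the closing ";
    return bytes(out)


def replace_meta_value(value: str, old: str, new: str) -> str:
    """Length-aware equivalent of REPLACE(meta_value, old, new) for one row."""
    raw, o, n = value.encode(), old.encode(), new.encode()
    if LOOKS_SERIALIZED.match(raw):
        return rewrite_serialized(raw, o, n).decode()
    return raw.replace(o, n).decode()  # plain text value: simple replace is fine


# Constructed sample row: a custom field holding a serialized array with a media URL.
SAMPLE = ('a:2:{s:3:"pdf";s:51:"https://example.com/wp-content/uploads/2024/doc.pdf";'
          's:2:"id";i:7;}')

if __name__ == "__main__":
    # Plain replacement keeps s:51 although the string is now 39 bytes long.
    print("SQL-style REPLACE:", SAMPLE.replace("wp-content/uploads", "assets"))
    print("Length-aware:     ", replace_meta_value(SAMPLE, "wp-content/uploads", "assets"))
```

It does not descend into serialized data nested inside another serialized string. WP-CLI's wp search-replace command also handles PHP-serialized values when run against the database.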
From this point forward, you should check the source code of a few pages and search for “wp-content/uploads”.
You can also check images by right-clicking on them and opening them in a new tab.
Keep in Mind
Some WordPress plugins make backups of your WP-Content Folder and Database.
If you are using a different folder for your uploads, keep in mind that it might not be backed up by such a plugin.