Securing WordPress uploads dir

March 25, 2014 2.4k views
I followed this article but I got a problem when uploaded images/files, it said "The uploaded file could not be moved to ..." So, I decided to changed the uploads dir user back to www-data. The upload function working properly now, but is it secure?
2 Answers
That should be secure enough but you can take it one step further and disable php in the uploads directory so that if someone manages to upload a php file they wouldn't be able to execute it. Add the following block to your virtualhost and restart apache:
<Directory /full/path/to/wp-uploads>

php_flag engine off
Thanks Kamal,
I'm sorry for late reply, why I didn't receive any notification from if someone commented on my post?
Have another answer? Share your knowledge.