
Protecting Your Uploads Directory

By default, StoreEngine places a .htaccess file in the wp-content/uploads/storeengine_uploads directory to prevent direct access. However, this alone does not guarantee protection: the .htaccess file works only if your server is running Apache, and server configuration also plays a role.

Using NGINX Server

If your site runs on NGINX, we recommend adding extra rules to block direct access to uploaded files for better security.

Add the following snippet at the end of the server block in your NGINX configuration:

# Protect StoreEngine upload folder from being accessed directly.
location ~* /wp-content/uploads/storeengine_uploads/ {
    if ( $upstream_http_x_accel_redirect = "" ) {
        return 403;
    }
    internal;
}

This ensures that files in your StoreEngine upload folder cannot be accessed directly via the browser.
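
To confirm the rule took effect, a check like the following requests the folder from outside and reports whether each request was refused. It is an added example, not part of StoreEngine; the base URL and file name are arguments you supply, and the file must really exist in the folder, because a 404 for a missing file proves nothing.

```shell
#!/bin/sh
# Added example, not StoreEngine code. BASE_URL and FILE are supplied by you;
# FILE must be a file that really exists in storeengine_uploads.

# 403 comes from the rule's `return 403`; 404 is what nginx answers for a
# location marked `internal`. Either means the file was not served.
classify_status() {
    case "$1" in
        403|404) echo "blocked" ;;
        2??)     echo "exposed" ;;
        *)       echo "unknown" ;;   # timeouts (000), 5xx, auth prompts: inconclusive
    esac
}

# probe BASE_URL PATH -> prints "STATUS VERDICT"; -L follows http->https redirects.
probe() {
    status=$(curl -s -L -o /dev/null --max-time 10 -w '%{http_code}' "$1$2")
    echo "$status $(classify_status "$status")"
}

# audit_uploads BASE_URL FILE -> exit status 0 only if every request is blocked.
audit_uploads() {
    base=$1; file=$2; rc=0
    # The rule's `~*` match is case-insensitive, so a mixed-case path and the
    # bare directory must be refused as well as the exact file path.
    for path in \
        "/wp-content/uploads/storeengine_uploads/$file" \
        "/WP-CONTENT/Uploads/StoreEngine_Uploads/$file" \
        "/wp-content/uploads/storeengine_uploads/"
    do
        result=$(probe "$base" "$path")
        echo "$result $path"
        case "$result" in
            *" blocked") ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Usage: sh check_uploads.sh https://shop.example some-existing-file.pdf
if [ "$#" -ge 2 ]; then
    audit_uploads "$1" "$2"
fi
```

A non-zero exit status means at least one request was served or was inconclusive, which makes the script usable as a post-deploy check.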