Although WordPress is a very secure system one actually thinks of BUT since there is always a room open for more improvement, using the following snippet will let you secure your WordPress blog uploads directory.
To do so, first of all, create a file named .htaccess and paste the following code in it. Once you created it, upload the same into your wp-content/uploads directory. Remember at line 5 in the snippet below; make sure to add/update all the extensions you want to make it work for you.
1 2 3 4 5 6 7 8 | <Files ~ ".*..*"> Order Allow,Deny Deny from all </Files> <FilesMatch ".(jpg|jpeg|jpe|gif|png|tif|tiff)$"> Order Deny,Allow Allow from all </FilesMatch> |
Snippet Source/Credit: Jeff Starr