uploads - Where to store sensitive uploaded file?

I'm developing a plugin. Where is the best place to store a user uploaded file that is sensitive in nature? It should not be web accessible. Given the encoding of the file, it's necessary that it be uploaded, as opposed to storing it in the database.

I'm developing a plugin. Where is the best place to store a user uploaded file that is sensitive in nature? It should not be web accessible. Given the encoding of the file, it's necessary that it be uploaded, as opposed to storing it in the database.

• uploads
• security
• filesystem

Share Improve this question asked Mar 1, 2019 at 0:31 ScratchaScratcha 11522 silver badges77 bronze badges 2

• What do you intend to do with the file? – Jacob Peattie Commented Mar 1, 2019 at 0:50
• It's a tls certificate. It will be passed as part of the header when making curl requests. (--cacert [file]) – Scratcha Commented Mar 1, 2019 at 0:54

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

Upload files at anywhere ( normally create your own folder inside wp-content/uploads folder ), you can create .htaccess file and index.html files inside the folder to restrict the files from direct access.

Keep index.html blank and add deny from all text in .htaccess file.