Skip to contentSkip to main navigation Skip to footer

WordPress security is a top priority for any website owner. One effective way to enhance your WordPress site’s security is by using the Hide My WP Ghost plugin. This plugin offers various features to protect your website from potential threats, including changing the wp-content/uploads path. In this tutorial, we will walk you through the process of changing the wp-content/uploads path using the Hide My WP Ghost plugin.

What is the path for ‘wp-content/uploads’ in WordPress?

In WordPress, the wp-content/uploads path refers to the directory where all the media files, such as images, videos, audio files, and documents, that you upload through the WordPress admin panel are stored.

This directory is a crucial part of a WordPress installation, as it holds the content that you add to your website.

The wp-content/uploads path is structured within the main directory of your WordPress installation as follows:


Here, /your-wordpress-directory/ represents the location where you’ve installed WordPress on your web server.

For example, if you’ve installed WordPress directly in your website’s root directory, the path would be:


If you’ve installed WordPress in a subdirectory, the path would be:


Inside the uploads directory, WordPress creates subdirectories based on the year and month of the uploaded files. This organization helps keep the media files organized and prevents a single directory from becoming cluttered.

For instance, if you upload an image in September 2024, WordPress might create a path like:


Within this directory, the uploaded media files for that specific month are stored.

It’s important to note that altering or moving the wp-content/uploads directory directly can lead to broken links and issues with media files not displaying correctly on your website.

If you need to make changes related to media files, it’s recommended to use plugins or follow best practices to ensure your website’s functionality remains intact.

Why is it important to secure the ‘wp-content/uploads’ path in WordPress?

Securing the “wp-content/uploads” path in WordPress is important for several critical reasons:

Protecting Sensitive ContentThe “wp-content/uploads” directory contains all the media files uploaded to your website, including images, videos, and documents. If this path is not properly secured, malicious actors could gain unauthorized access to your media files, potentially leading to the exposure of sensitive content.
Preventing Unauthorized AccessBy default, media files in the “uploads” directory are accessible to anyone who knows the URL. Securing the path helps prevent unauthorized users from directly accessing and downloading your files, reducing the risk of content theft.
Mitigating Brute Force AttacksHackers may attempt to gain unauthorized access to your site by exploiting vulnerabilities in the “uploads” directory. Securing this path adds an extra layer of protection against brute force attacks and unauthorized login attempts.
Enhancing PrivacyIf your media files contain private information or user data, securing the “wp-content/uploads” path ensures that this information remains private and inaccessible to unauthorized users.
Preventing Malicious UploadsA secure wp-content/uploads path can help prevent hackers from uploading malicious files to your website. Some attackers may attempt to upload files with malware or malicious scripts, which can compromise your site’s security and harm visitors.
Obfuscating Website StructureChanging the default “wp-content/uploads” path can make it harder for potential attackers to determine the underlying structure of your website, making it more challenging for them to identify vulnerabilities.
Theme and Plugin ProtectionSome themes and plugins might inadvertently expose sensitive information through media file URLs. By securing the wp-content/uploads path, you can minimize the risk of such unintentional data exposure.

In summary, securing the “wp-content/uploads” path is a fundamental aspect of WordPress security. It helps safeguard sensitive content, prevent unauthorized access, and mitigate various types of cyber threats.

Implementing security measures, such as those provided by security plugins like Hide My WP Ghost, can significantly enhance the protection of your website’s media files and overall security posture.

Activate and Configure

Activate Safe Mode or Ghost Mode

Note: Before proceeding with this tutorial, ensure that you have already installed and activated the Hide My WP Ghost plugin. Also, activate either the Safe Mode or Ghost Mode.

To activate Safe Mode or Ghost Mode, follow these steps:

  1. After installing and activating the Hide My WP Ghost plugin, navigate to the WordPress dashboard.
  2. Locate the “Hide My WP” menu on the left-hand side and click on it.
  3. In the Hide My WP Ghost settings, find the “Change Paths” tab and click on it.
  4. Under the “Lever of Security” section, you will see options such as “Safe Mode” or “Ghost Mode“.
  5. Choose either Safe Mode or Ghost Mode based on your preferences.
    • Safe Mode: This mode offers essential protection by changing paths and hiding sensitive information. It is recommended for most websites.
    • Ghost Mode: This mode provides advanced protection by adding additional layers of security. It disguises the WordPress installation and plugins, making it more difficult for hackers to detect.
  6. Save the settings.

Accessing the Uploads Path Settings

  1. Log in to your WordPress admin dashboard.
  2. Navigate to “Hide My WP” in the left-hand menu.
  3. Click on “Change Paths > WP Core Security

Changing the wp-content/uploads Path

  1. Within the “Change Paths” section, locate the “WP Core Security” tab.
  2. Under this tab, you will find the “Custom Uploads Path” option. This is where you will change the path.
  3. Enter a new name for your uploads path. This new name will replace the default “wp-content/uploads” path.
  4. Click the “Save Settings” button to apply the changes.

Running a Security Check

run security check
  1. Once you have saved the new uploads path, it’s crucial to verify that the change has been implemented successfully.
  2. Go to “Hide My WP” in the admin menu again and select “Overview.”
  3. Click the “Run Full Security Check” button to initiate the check.
  4. This feature will perform a security check to ensure that the wp-content/uploads path has indeed been changed and is properly protected.


Changing the wp-content/uploads path using the Hide My WP Ghost plugin is a smart move to enhance your WordPress site’s security. By altering the default path, you make it significantly more challenging for potential attackers and theme detectors to locate vulnerable areas.

With the Hide My WP Ghost plugin’s comprehensive security features, you can take proactive steps to safeguard your WordPress website and keep it safe from potential threats.

Troubleshooting and FAQs

After changing the wp-content/uploads path, some of my images are not displaying on my website. What could be the issue?

Solution: This issue might occur due to the change in file paths. When you modify the wp-content/uploads path, the URLs of your existing media files also change.

To resolve this, you need to update the references to these files in your content and theme files. You can manually update the URLs in your posts, pages, and theme files to reflect the new path.

When the customized paths are not loading correctly (theme layout is affected), it means that the new paths to CSS and JS files are not found.

This error usually happens on Nginx servers when the new paths are not added to the config file of Nginx.

We wrote some tutorials to help people that are not technical, to contact their host and send them the exact instructions.