Exposing your upload directory is essentially leaving the back door to your website unlocked.
Or simply place an empty index.html file inside every uploads subdirectory. index of parent directory uploads
Set strict permissions for uploads directories: Exposing your upload directory is essentially leaving the
Web applications use the /uploads directory to store files submitted by users or administrators. Depending on the purpose of the website, this folder can contain highly sensitive, unencrypted data. Depending on the purpose of the website, this
Cybercriminals rarely find these directories by accident. Instead, they use a technique known as (or advanced Google searching) to look for specific strings of text that web servers automatically generate on indexing pages.
Locate your Nginx configuration file (usually nginx.conf or a file within sites-available ). Inside the server block, look for the location block. Ensure autoindex is set to off : location / autoindex off; Use code with caution. Restart Nginx ( sudo service nginx restart ). 3. WordPress Specific Fix