Protecting media uploads and other files becomes important when you start selling digital content on your WordPress Ecommerce website. All media files on your WordPress site including the e-commerce uploads are located in uploads directory present inside wp-content directory which is located in your website’s root directory i.e. the main directory of your WordPress site installation.
You can protect this directory by installing-activating a plugin called Protect Uploads. Once the plugin is activated, simply navigate to your dashboard’s Media -> Protect Uploads page to see if the plugin is protecting your directory.
How It Works?
Anybody who wants to access your media files could list it by going to your-domain/wp-content/uploads from his web-browser. This plugin will hide the content by adding an index.php file on the root of your uploads directory or by setting a .htaccess which will return a 403 forbidden access error.
Depending on your server configuration, the .htaccess option could be disabled from the plugin settings page.