Protecting your WordPress site from a malicious attack by using an .htaccess file in your upload folder.
When uploading pictures to your WordPress site, your host may require you to set the permissions of the upload folder to 775 or even 777. VERY BAD!!!
A permission of 777 gives everyone read, write and execute privileges on that folder. This is very dangerous and can give hackers the ability to access your site and server via this wide open folder.
Minimize your exposure by adding an .htaccess file to the folder with the following code.
deny from all
This will allow only certain files to be uploaded to this folder and deny all others, most importantly files that contain scripts.
Word of caution: No site is 100% safe. If a hacker wants into your site bad enough they probably can find a way. But by keeping up to date on software and plugin updates, will helps to reduce your risk of an attack.