.htaccess with “Deny from all” in /files if defined UPLOADS = blocking images


in 5.2 you set in wp-slimstat.php:68 following the $upload_dir. If defined(‘UPLOADS’) the upload_dir is just ABSPATH . UPLOADS

// Define the folder where to store the geolocation database (shared among sites in a network, by default)
if (defined('UPLOADS')) {
self::$upload_dir = ABSPATH . UPLOADS;
} else {
self::$upload_dir = wp_upload_dir();
self::$upload_dir = self::$upload_dir['basedir'];
if (is_multisite() && !(is_main_network() && is_main_site() && defined('MULTISITE'))) {
self::$upload_dir = str_replace('/sites/' . get_current_blog_id(), '', self::$upload_dir);
self::$upload_dir .= '/wp-slimstat';
self::$upload_dir = apply_filters('slimstat_maxmind_path', self::$upload_dir);

In line 1.985 you write a .htaccess with Deny from all in this folder.

* create upload directory
public static function create_upload_directory()
$upload_dir = self::$upload_dir;

* Create .htaccess to avoid public access.
if (is_dir($upload_dir) and is_writable($upload_dir)) {
$htaccess_file = path_join($upload_dir, '.htaccess');

if (!file_exists($htaccess_file) and $handle = @fopen($htaccess_file, 'w')) {
fwrite($handle, "Deny from all\n");

If the UPLOADS is set like in https://developer.projectdmc.org/reference/functions/wp_upload_dir/#folder-name to eg ‘files’ the .htaccess is saved in this folder and all images (in /files) wont load any more.

So better add the multisite option in the function correctly to use the /wp-slimstat from line 76.



This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer