Translations:Manual:Image authorization/43/en

cd &lt;/absolute/path/to/your/doc_root&gt;/.. mkdir &lt;dir_name_unguessable&gt; chgrp &lt;your_web_server_group&gt; &lt;dir_name_unguessable&gt; chmod 770 &lt;dir_name_unguessable&gt; cd &lt;dir_name_unguessable&gt; echo 'php_admin_flag engine off' &gt; .htaccess chmod 444 .htaccess  = "/img_auth.php"; = '&lt;/absolute/path/to/your/doc_root&gt;/../&lt;dir_name_unguessable&gt;'; = true; = false; = false; NOTE: The following img_auth.php hacks should not be needed.
 * 1) login in to a shell of your web server (similar actions are often possible with your FTP client, if not, ask your provider to assist you)
 * 2) create the unguessable images/upload directory outside of (in parallel to) your document root (note the /.. at the end of the path):
 * 1) make it read/writeable for the web server:
 * 1) create the .htaccess file as noted above and make it readable only (this is paranoia, because the web server never looks here, only PHP not taking care of .ht* files normally, but just in case this directory ever will be made available to the web server directly) :
 * 1) change your LocalSettings.php config file:
 * 1) We don't wanna restrict access, just make our MW install more secure

(actually this doesn't work properly.. you need to hack your img_auth.php  and remove the check for logged in users and if the image is in the whitelist.. comment these lines: