
New WordPress Plugin: Unpredictable Image Filenames

I’ve written a new WordPress plugin to help protect uploaded images from being accessed just by guessing the URL.

Many cameras and smartphones number their images in a predictable format. For example, iPhones use the format IMG_0001.jpg. If you include IMG_0345.jpg in a blog post, an unsavory third party could start regularly trying to access IMG_0346.jpg, attempting to view the image before you publish a post containing it.

Or, maybe you have a private blog that you only allow family members to read. Not all “private blog” plugins are able to require authentication to load images from /wp-content/, so the same unsavory third party could just start guessing URLs like /wp-content/uploads/2016/05/IMG_0001.jpg, hoping to eventually get a hit. 9,999 requests would enumerate every possible image from an iPhone for each month, almost certainly giving an unauthorized person access to your photos.

The Unpredictable Image Filenames plugin for WordPress renames image files to a sufficiently unguessable name when you upload them. For example, IMG_0345.jpg could end up as 334AB1E8-28AB-4BE1-882D-3C112E95F055.jpg, and IMG_0346.jpg could be renamed A67C9CF9-0BB5-4FB4-AD03-DCB294F853EC.jpg. Try and guess that!
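The rename-on-upload approach described above could be implemented along these lines. This is an added example, not the plugin's own source: the `example_` function names are hypothetical, and it assumes PHP 7+ for `random_bytes()` and WordPress core's `wp_handle_upload_prefilter` filter.

```php
<?php
/**
 * Added example (not the plugin's code): give uploaded images a random
 * UUIDv4-style name before WordPress stores them under wp-content/uploads.
 */

// Build a version-4 UUID from 16 CSPRNG bytes (122 random bits).
function example_random_uuid4() {
    $bytes    = random_bytes( 16 );
    $bytes[6] = chr( ( ord( $bytes[6] ) & 0x0f ) | 0x40 ); // set version 4
    $bytes[8] = chr( ( ord( $bytes[8] ) & 0x3f ) | 0x80 ); // set RFC 4122 variant
    // 32 hex chars -> eight 4-char chunks -> 8-4-4-4-12 layout.
    $chunks = str_split( bin2hex( $bytes ), 4 );
    return strtoupper( vsprintf( '%s%s-%s-%s-%s-%s%s%s', $chunks ) );
}

// Runs for each upload before the file is moved into the uploads directory.
function example_unpredictable_image_name( $file ) {
    // Use WordPress's own extension-to-MIME mapping for the submitted name.
    $check = wp_check_filetype( $file['name'] );

    // Unknown extension or not an image: leave the name untouched.
    if ( empty( $check['ext'] ) || 0 !== strpos( (string) $check['type'], 'image/' ) ) {
        return $file;
    }

    // Discard the camera-assigned name (e.g. IMG_0345) entirely, so nothing
    // sequential survives in the stored filename or its resized variants.
    $file['name'] = example_random_uuid4() . '.' . strtolower( $check['ext'] );
    return $file;
}
add_filter( 'wp_handle_upload_prefilter', 'example_unpredictable_image_name' );
```

This sketch only affects files uploaded after the filter is active. Images already stored under their original names stay guessable until they are re-uploaded or renamed.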

You can install Unpredictable Image Filenames from your WordPress admin plugins screen, download it from the .org plugins directory, or view the source on GitHub.


2 comments on “New WordPress Plugin: Unpredictable Image Filenames”

  1. OK, sorry to post here but I had a little problem on Inline Preview – see forum. And a code error is showing on your site in header :-) You should fix this…
