Encrypting File Upload Names In WordPress Automatically

Trying to change and encrypt the file upload names automatically in WordPress using MD5? All you may need is to add this to your theme’s functions.php file.

MD5 encrypt file names when uploaded

To encrypt file names with MD5 encryption once uploaded into WordPress, add the code below to your WordPress theme’s functions.php file.

function rename_uploaded_filename( $filename ) {
     $ext = empty( pathinfo( $filename )['extension'] ) ? '' : '.' . pathinfo( $filename )['extension'];
     return substr( md5( $filename ), 0, 8 ) . $ext;

add_filter( 'sanitize_file_name', 'rename_uploaded_filename', 10 );

Note, MD5 can be decrypted. Therefore, this function is only to be used to prevent people manually-guessing the file’s name [temporarily].

Further security

For an extra layer of security, we recommend you disallow the media upload path using your robots.txt file. This will try to tell search engines not to crawl these files. However, some search engines may not honour this request.

Get the plugin

In order to make file safety simpler, we’ve developed the above code into a plugin.

You can find the plugin over at the WordPress plugin repository.