Can we change our directory to store uploaded files?

Dear colleague,

Our ojs is installed in the directory:

Currently, the uploaded files are stored at:

Now, we want to store the uploaded files in a new directory, for example:

Can we do so by editing the “files_dir” in the file?

Will this change only affect the uploaded files in the future (in other words, the files uploaded in the past will not be affected)?

Thank you!


Hi @Academic123,

So far I know, you should edit the "“files_dir” in and move your files folder to that place. It will not cause problem for past files and will work even for future uploads.

Actually you should do this to prevent anyone from the web to directly access your contents of files folder.


Dear anupent,

Thanks so much for you kind help.

In addition to editing the file, do we need to move the all the files uploaded in the past (at to the new folder (

And such a move will not affect the published papers in the past?

Please confirm.

Thanks so much!

Best regards

I went through the same problem you are going now. Initially I had my upload folder within public_html.
Later I moved it to outside of public_html and then changed the path in
Everything was in order without problem.

Another word, if you keep a backup of your upload_folder, you can play with that folder. If it does not work you can simply copy that folder to the current location and your site will be working as it is now.

Note: You should keep your folder outside of public_html folder so no one can directly access it form the web.

Hope this helps you.

1 Like

Dear Friend,
Recently we migrated to CPanel.
Now we would also wish to the keep the files_dir outside public_html.
But do not understand where to keep.
May we keep it in public_ftp or we need to create a folder inside home.
Kindly suggest.

1 Like


I have created a folder inside home. It will not be accessed directly from web. And, I think this is the proper way.


Exactly I was also thinking the same way, your response given me the confidence to go ahead.
Thanks my Friend.

Dear Friend,
It is the same Indonesian Guy, who hacked my site too.
I can recreate the site in my localhost using the fresh codes from ojs and now ready to upload the contents with files_dir in Home/. But the database seems to be the same. Will it be having any malicious codes within it?If, yes then how the database can be sanitised?

Kindly guide me get the things secured and operational.


Hi @drvenkatesanj,

I’ve posted on this question on your other thread. (It’s better to just post once – otherwise the forum gets cluttered.)

Alec Smecher
Public Knowledge Project Team