The Drupal (CMS) uses .HTACCESS files to control directory access (unless of course you override/remove them and control your settings with modification to your PHP.INI file). On first install of this site I noticed that uploaded images were not visible in the default installation. The way around this is to store the following piece of .htaccess script in the folder where the images are kept on the server. So upload the following script (as a .htaccess file) to the folder where images are not accessible and the said images should become visible to people accessing your website. SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006 Options None Options FollowSymLinks RewriteEngine off Try copying and pasting this script into your own .HTACCESS file. You probably know this already but dont forget to keep the old file just in case you need to revert to the old settings.