If you don't use direct download you can actually disable the access to the upload folder completely.
Simply put a .htaccess into the upload folder where you deny all.
What I don't understand is the relation to Joomla itself. Because your .htaccess should only be in the upload folder and not somewhere else.
Hi Michael, I figured out a work around... Bear in mind that I have very little knowledge of computers actually...
Originally I had put the .htaccess file in the directory I created to accept uploads. I put Options -Indexes which caused Joomla not to display the directory when people browsed the folder in their browser... however it also caused Joomla not to display the menu item for jfu when the menu access level was set to anything other than public for some reason.
As I only wanted certain people to be able to upload rather than all registered users I thought I needed to protect the menu item... but i changed the people who were able to access the front end via the users in group1
Then I re-enabled the viewing of the file structure... but prevent viewing of the actual file extensions we use. I don't see a security issue that people know we have directories, as long as they cannot access the files.
IndexIgnore *.wmv *.mp4 *.avi *.hse *.tsv *.xls *.pdf *.doc *.jpg *.jpeg *.zip *.HSE *.TSV *.XLS *.PDF *.DOC *.JPG *.JPEG *.ZIP
seems to be working, sorry to have bothered you