diff --git a/.htaccess b/.htaccess
index 903f6392c..6cef7e379 100644
--- a/.htaccess
+++ b/.htaccess
@@ -3,8 +3,19 @@
 Options -MultiViews
+ Options +FollowSymlinks
+
+ # Prevent Directory listing
+ Options -Indexes
+
 RewriteEngine On
+ # Prevent Direct Access To Protected Folders
+ RewriteRule ^(app|bootstrap|config|database|resources|routes|storage|tests)/(.*) / [L,R=301]
+
+ # Prevent Direct Access To modules/vendor Folders Except Assets
+ RewriteRule ^(modules|vendor)/(.*)\.((?!ico|gif|jpg|jpeg|png|js|css|less|sass|font|woff|woff2|eot|ttf|svg).)*$ / [L,R=301]
+
 # Redirect Trailing Slashes If Not A Folder...
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^(.*)/$ /$1 [L,R=301]
diff --git a/app/Http/Controllers/Auth/Users.php b/app/Http/Controllers/Auth/Users.php
index 4800ebcbd..3a6665917 100644
--- a/app/Http/Controllers/Auth/Users.php
+++ b/app/Http/Controllers/Auth/Users.php
@@ -106,7 +106,7 @@ class Users extends Controller
 // Upload picture
 $picture = $request->file('picture');
 if ($picture && $picture->isValid()) {
- $request['picture'] = $picture->store('uploads/users');
+ $request['picture'] = $picture->store('users');
 }
 // Do not reset password if not entered/changed
diff --git a/app/Http/Controllers/Common/Uploads.php b/app/Http/Controllers/Common/Uploads.php
new file mode 100644
index 000000000..b40649500
--- /dev/null
+++ b/app/Http/Controllers/Common/Uploads.php
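Review bot: The modules/vendor rule only fires when the request path contains a dot, so extension-less files under those trees (the scripts in `vendor/bin/`, `LICENSE` and similar files) are still served, and the allow-list is case-sensitive, so a `.JPG` asset is redirected away while the lookahead never considered case at all. Matching the extension in a condition is simpler and closes both gaps: `RewriteCond %{REQUEST_URI} !\.(ico|gif|jpg|jpeg|png|js|css|less|sass|font|woff|woff2|eot|ttf|svg)$ [NC]` followed by `RewriteRule ^(modules|vendor)/ / [L,R=301]`. Both new rules also only take effect where Apache honours this file (mod_rewrite plus AllowOverride); on any other server the `storage/app/uploads` tree this commit introduces is reachable directly, so the same restrictions need an nginx equivalent documented alongside. A `[F]` (403) instead of a cached permanent redirect to `/` would additionally keep probing attempts visible in the access log.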
@@ -0,0 +1,68 @@
+getPath($folder, $file)) {
+ return false;
+ }
+
+ return response()->file($path);
+ }
+
+ /**
+ * Download the specified resource.
+ *
+ * @param $folder
+ * @param $file
+ * @return boolean|Response
+ */
+ public function download($folder, $file)
+ {
+ // Get file path
+ if (!$path = $this->getPath($folder, $file)) {
+ return false;
+ }
+
+ return response()->download($path);
+ }
+
+ /**
+ * Get the full path of resource.
+ *
+ * @param $folder
+ * @param $file
+ * @return boolean|string
+ */
+ protected function getPath($folder, $file)
+ {
+ // Add company id
+ if ($folder != 'users') {
+ $folder = session('company_id') . '/' . $folder;
+ }
+
+ $path = $folder . '/' . $file;
+
+ if (!Storage::exists($path)) {
+ return false;
+ }
+
+ $full_path = Storage::path($path);
+
+ return $full_path;
+ }
+}
diff --git a/app/Models/Auth/User.php b/app/Models/Auth/User.php
index 75be3bc84..6dea23a2e 100644
--- a/app/Models/Auth/User.php
+++ b/app/Models/Auth/User.php
@@ -79,24 +79,21 @@ class User extends Authenticatable
 */
 public function getPictureAttribute($value)
 {
- $pic = '';
-
- if (is_file(base_path($value))) {
- $pic = $value;
- } elseif (setting('general.use_gravatar', '0') == '1') {
+ // Check if we should use gravatar
+ if (setting('general.use_gravatar', '0') == '1') {
 // Check for gravatar
 $url = 'https://www.gravatar.com/avatar/' . md5(strtolower($this->getAttribute('email'))).'?size=90&d=404';
 $client = new \GuzzleHttp\Client(['verify' => false]);
 try {
- $pic = $client->request('GET', $url)->getBody()->getContents();
+ $value = $client->request('GET', $url)->getBody()->getContents();
 } catch (RequestException $e) {
 // 404 Not Found
 }
 }
- return $pic;
+ return $value;
 }
 /**
diff --git a/app/Traits/Uploads.php b/app/Traits/Uploads.php
index 66bef03a5..07c1e0648 100644
--- a/app/Traits/Uploads.php
+++ b/app/Traits/Uploads.php
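Review bot: `show()` hands back whatever is on disk inline through `response()->file()`, so an uploaded HTML or SVG file (SVG is on the asset allow-list added to `.htaccess` in this same commit) is rendered in the application's origin for any admin who opens its link — a stored-XSS channel through the upload feature; only raster images should be displayed inline and everything else forced to download. The `return false` branches in `show()` and `download()` are a second defect: a controller action returning `false` becomes an empty 200, so a missing file is indistinguishable from an empty one, and `abort(404)` is what callers expect. `getPath()` joins two raw route parameters without an allow-list of its own; the route's default parameter pattern and Flysystem's root check presumably keep `..` from leaving `storage/app/uploads`, but that should be confirmed rather than assumed, and the `users` exception means any admin of any company can fetch another company's user pictures given the (random) file name. The opening of `show()` and the class header are outside the visible part of this hunk.
```php
    public function show($folder, $file)
    {
        if (!$path = $this->getPath($folder, $file)) {
            abort(404);
        }

        // Only raster images are safe to render inline; HTML, SVG or anything
        // else would execute in the app's origin, so it is forced to download.
        $mime = mime_content_type($path);

        if (!in_array($mime, ['image/png', 'image/jpeg', 'image/gif'], true)) {
            return response()->download($path);
        }

        return response()->file($path, ['X-Content-Type-Options' => 'nosniff']);
    }
    // … unchanged: download(), getPath() …
```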
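Review bot: The rewritten accessor still returns two incompatible things under one attribute: the stored `users/…` path when gravatar is disabled or the lookup fails, and the raw response body when it succeeds, so a view cannot know whether it holds a path to route through `Uploads@show` or image bytes to inline. Returning the URL after a cheap probe keeps a single type, `$client->request('HEAD', $url); $value = $url;`, with the existing catch still falling back to the stored path on 404. The `'verify' => false` on the unchanged Guzzle line is not introduced here, but it disables certificate validation for content that ends up rendered to administrators; gravatar is reachable over ordinary TLS and the option should go. Note also that this accessor performs a synchronous HTTP request on every read of `picture`, which a user listing presumably triggers once per row.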
@@ -19,7 +19,11 @@ trait Uploads
 $file_name = $file->getClientOriginalName();
- $path = 'storage/app/' . $file->storeAs('uploads/' . $company_id . '/' . $folder, $file_name);
+ // Upload file
+ $file->storeAs($company_id . '/' . $folder, $file_name);
+
+ // Prepare db path
+ $path = $folder . '/' . $file_name;
 return $path;
 }
diff --git a/config/filesystems.php b/config/filesystems.php
index f59cf9e99..df225fc2a 100644
--- a/config/filesystems.php
+++ b/config/filesystems.php
@@ -13,7 +13,7 @@ return [
 |
 */
- 'default' => 'local',
+ 'default' => 'uploads',
 /*
 |--------------------------------------------------------------------------
@@ -55,6 +55,13 @@ return [
 'visibility' => 'public',
 ],
+ 'uploads' => [
+ 'driver' => 'local',
+ 'root' => storage_path('app/uploads'),
+ 'url' => env('APP_URL').'/uploads',
+ 'visibility' => 'private',
+ ],
+
 's3' => [
 'driver' => 's3',
 'key' => env('AWS_KEY'),
diff --git a/resources/views/auth/users/index.blade.php b/resources/views/auth/users/index.blade.php
index 07f9a4764..c9ee2e6c4 100644
--- a/resources/views/auth/users/index.blade.php
+++ b/resources/views/auth/users/index.blade.php
@@ -40,7 +40,7 @@
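Review bot: The file is still written under `$file_name`, the client-supplied original name from the context line above, so the extension — and with it what the web server or the new `Uploads@show` will do with the file — is attacker-chosen, and two uploads with the same name into the same company folder silently overwrite each other because `storeAs()` replaces. Keep the original name in the database for display but store under a generated one, e.g. `$file_name = $file->hashName();` ahead of the `storeAs()` call (available on Laravel's `UploadedFile` in recent releases — verify for this project's version); it keeps the client extension, so an extension/MIME allow-list still belongs in the validation layer, which is not visible here. `storage/app/uploads` also sits inside the tree that this commit's `.htaccess` rule has to block, so on a server that ignores `.htaccess` a stored `.php` would be requestable directly. The enclosing method's signature and the `$company_id`/`$folder` parameters are above the hunk.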
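Review bot: The new disk's `'url' => env('APP_URL').'/uploads'` does not line up with how files are addressed: the upload trait writes `$company_id/$folder/$file_name` on this disk, so `Storage::url()` would yield `/uploads/1/folder/name`, while the route added in `routes/web.php` is `uploads/{folder}/{file}` and re-derives the company from the session — a three-segment URL would not match it. Either drop the `url` key (the disk is private and only served through the controller) or add a comment stating that `Storage::url()` must not be used for it. Flipping `'default'` to `uploads` in the first hunk also redirects every disk-less `Storage::` call in the codebase into the served uploads root; any such caller storing non-upload data (exports, caches) would now place it where the controller can hand it out under a matching company id, so those callers should be checked before this lands.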
@foreach($users as $item){{ str_limit(setting('general.company_name'), 22) }}
diff --git a/routes/web.php b/routes/web.php
index 6df387faa..502eae3fd 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -9,6 +9,11 @@ Route::group(['middleware' => ['auth', 'language', 'adminmenu', 'permission:read-admin-panel']], function () {
 Route::get('/', 'Dashboard\Dashboard@index');
+ Route::group(['prefix' => 'uploads'], function () {
+ Route::get('{folder}/{file}', 'Common\Uploads@show');
+ Route::get('{folder}/{file}/download', 'Common\Uploads@download');
+ });
+
 Route::group(['prefix' => 'search'], function () {
 Route::get('search/search', 'Search\Search@search');
 Route::resource('search', 'Search\Search');
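Review bot: The two `{folder}/{file}` routes accept any segment value, yet `folder` is an application-internal name (`users` plus whatever the upload trait's callers pass), so constraining it keeps values such as `..` or `.` out of `getPath()` altogether: `Route::get('{folder}/{file}', 'Common\Uploads@show')->where('folder', '[A-Za-z0-9_-]+');` and the same on the download route. Laravel's default parameter pattern already excludes `/`, and the local Flysystem adapter is expected to refuse paths that leave the disk root, so this is defence in depth rather than the only barrier — but it is a one-line one. The enclosing group's `auth` and `permission:read-admin-panel` middleware is the only authorisation these routes get; it gates on admin access, not on the owning company, which the controller derives from the session. The group closure opens above the hunk.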