WordPress: Restrict Uploads Folder Access to Logged-in Users
Content and files are the primary assets of any WordPress site. While the website content can be protected by a password or membership plugins, there is no easy way to protect media files on your site.
As a matter of fact, membership or download plugins can secure and restrict your page and post URLs to logged-in users or paid members. Still, media files embedded into content remain accessible to the public. In fact, anyone with direct links to those files can access and download them. They can even be hotlinked from other websites too.
This poses a threat to your WordPress site as your valuable files and original work can be stolen at any time.
In this article, we'll provide you with multiple solutions on how to keep prying eyes out of your media files.
By the end of this article, you'll know:
- How to restrict wp-content/uploads access to logged-in users
- How to prevent hotlinking of media files
- How to protect WordPress files with the Prevent Direct Access Gold plugin
- How to protect WordPress uploads and media files
Let's get started!
How to Restrict wp-content/uploads Access to Logged In Users
WordPress stores all of your images and media uploads in the wp-content/uploads directory.
Imagine that you're a singer and you make a living by selling music videos to registered members on your WordPress site. What happens if the albums in your wp-content/uploads folder are accessed by non-logged-in users and leaked? You'll suffer a huge loss in revenue. To avoid that scenario, you need to play some tricks with the .htaccess file.
Note: There's a good chance that you'll modify some code in the .htaccess file. In that case, remember to create a backup of your .htaccess file beforehand.
Open your .htaccess file in the root folder of your WordPress site and insert the following code snippet into it.

    # Protect all files within the uploads folder
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_COOKIE} !.*wordpress_logged_in.*$ [NC]
    RewriteCond %{REQUEST_URI} ^(.*?/?)wp-content/uploads/.* [NC]
    RewriteRule . http://%{HTTP_HOST}%1/wp-login.php?redirect_to=%{REQUEST_URI} [L,QSA]
    </IfModule>

The code above fully restricts direct access to all of the files residing in the wp-content/uploads folder.
If you'd like to prevent direct access to only some specific files, copy and paste the code below into your .htaccess file:

    # Protect only some files within the uploads folder
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_COOKIE} !.*wordpress_logged_in.*$ [NC]
    RewriteCond %{REQUEST_URI} ^(.*?/?)wp-content/uploads/.*\.(?:gif|png|jpe?g|pdf|txt|rtf|html|htm|xlsx?|docx?|mp3|mp4|mov)$ [NC]
    RewriteRule . http://%{HTTP_HOST}%1/wp-login.php?redirect_to=%{REQUEST_URI} [L,QSA]
    </IfModule>

How do the two code snippets above work?
In the 4th line, the mod_rewrite module checks to see if there's a cookie whose name contains "wordpress_logged_in." If not, it means that the user is not logged in.
The next rule checks if the user is trying to access any files in the wp-content/uploads folder.
The final line redirects the user to a login page. If they successfully log in, they will be taken to the files they're trying to access.
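The following Python sketch is an added example, not code from the original article: it models the two RewriteCond checks and the RewriteRule substitution of both snippets, so you can see which requests end up at the login page and which pass through. The host name, cookie value and file paths are constructed, and query strings are left out.

```python
import re

# Patterns copied from the two .htaccess snippets; the [NC] flag maps to re.I.
LOGGED_IN = re.compile(r".*wordpress_logged_in.*$", re.I)
ALL_UPLOADS = re.compile(r"^(.*?/?)wp-content/uploads/.*", re.I)
SOME_UPLOADS = re.compile(
    r"^(.*?/?)wp-content/uploads/.*"
    r"\.(?:gif|png|jpe?g|pdf|txt|rtf|html|htm|xlsx?|docx?|mp3|mp4|mov)$", re.I)


def evaluate(host, uri, cookie_header, uri_pattern=ALL_UPLOADS):
    """Return the login URL the RewriteRule builds, or None when it is skipped."""
    # Condition 1 is negated: it holds only if no cookie name matches.
    # Apache sees just the name; the cookie value is never verified here.
    if LOGGED_IN.search(cookie_header):
        return None
    # Condition 2: the request must point into the uploads folder.
    match = uri_pattern.search(uri)
    if match is None:
        return None
    # %1 = first group of the last matched RewriteCond, i.e. everything in
    # front of "wp-content" including its slash (hence "//" in the result).
    return f"http://{host}{match.group(1)}/wp-login.php?redirect_to={uri}"


# Constructed sample values, not taken from a real site.
HOST = "example.com"
SESSION = "wordpress_logged_in_0123abcd=alice%7C1700000000%7Cconstructed"


def demo():
    """Evaluate a few constructed requests against both snippets."""
    return {
        "anonymous": evaluate(HOST, "/wp-content/uploads/2024/album.mp4", ""),
        "logged_in": evaluate(HOST, "/wp-content/uploads/2024/album.mp4", SESSION),
        "subdirectory": evaluate(HOST, "/blog/wp-content/uploads/a.pdf", ""),
        "not_uploads": evaluate(HOST, "/wp-content/themes/style.css", ""),
        # .zip is missing from the second snippet's list, so it stays public.
        "unlisted_type": evaluate(HOST, "/wp-content/uploads/backup.zip", "",
                                  SOME_UPLOADS),
        "listed_type": evaluate(HOST, "/wp-content/uploads/Report.PDF", "",
                                SOME_UPLOADS),
    }


if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name:14} -> {target}")
```

Because the cookie condition matches on the cookie name alone, these rules keep casual visitors out of the folder; files that need real access control should also be checked by WordPress or a plugin that validates the session.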
We've shown you how to restrict direct access to files in the wp-content/uploads folder for non-logged-in users. Let's move on to the next part: how to prevent hotlinking of your media files.
How to Prevent Hotlinking of Media Files
Hotlinking happens when other people use images and other media files, such as videos and audio, from your website and embed them directly on their site. Unless you allow them to hotlink your media files by providing the embed code, that's considered stealing and a copyright violation. It also takes up your server bandwidth and resources.
To prevent hotlinking of your images and other media files, you first need to upload all of your important media files to another directory, then add the following code snippet to your .htaccess file:

    # Begin Hotlinking Protection
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.com/wp-content/uploads/important/.*$ [NC]
    RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|mp4|flv|swf|xml|php|png|css|pdf)$ - [NC,F,L]

Make sure that you replace "domain.com" with your site.
If you want to show a "No Hotlinking" custom page instead of a usual error message to those who hotlink your media files, just modify the "RewriteRule" in the code below a bit:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.com/wp-content/uploads/important/.*$ [NC]
    # Leave the replacement image itself alone, otherwise the rule loops
    RewriteCond %{REQUEST_URI} !/no-hot-linking\.jpg$ [NC]
    RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|mp4|flv|swf|xml|php|png|css|pdf)$ http://www.domain.com/no-hot-linking.jpg [NC,R,L]

In the code above, "http://domain.com/no-hot-linking.jpg" is the direct link to the image you're using as a customized error message.
You can also add a few tweaks to that code snippet for redirection purposes. By changing the final line to a specific URL of your homepage or a landing page, you can ask users to become a member to access your media files.
In case you'd like to deny hotlinking but still allow certain search engines and social media platforms to access your files, you can add the following code snippet to your .htaccess file:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.com/wp-content/uploads/important/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com [NC]
    # Leave the replacement image itself alone, otherwise the rule loops
    RewriteCond %{REQUEST_URI} !/no-hot-linking\.jpg$ [NC]
    RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|mp4|flv|swf|xml|php|png|css|pdf)$ http://www.domain.com/no-hot-linking.jpg [NC,R,L]

Don't forget to replace "domain.com" with the actual website name.
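To check what the allow-list snippet above actually lets through, here is an added Python model of its Referer conditions and file-type pattern (an illustration written for this page, not code from the original article). All Referer values and paths are constructed, and "domain.com" is kept as the placeholder used in the snippet.

```python
import re

# Patterns follow the allow-list snippet; the [NC] flag maps to re.I.
OWN_SITE = re.compile(
    r"^http://(www\.)?domain.com/wp-content/uploads/important/.*$", re.I)
SEARCH_ENGINES = [re.compile(rf"^http(s)?://(www\.)?{name}.com", re.I)
                  for name in ("google", "bing", "yahoo")]
MEDIA = re.compile(
    r"\.(gif|jpg|jpeg|bmp|zip|rar|mp3|mp4|flv|swf|xml|php|png|css|pdf)$", re.I)


def is_hotlink(path, referer):
    """True when every RewriteCond holds and the RewriteRule pattern matches."""
    if not MEDIA.search(path):
        return False      # the rule pattern ignores other file types
    if referer == "":
        return False      # !^$ : requests without a Referer always pass
    if OWN_SITE.search(referer):
        return False      # allowed: pages under uploads/important/ over http
    if any(p.search(referer) for p in SEARCH_ENGINES):
        return False      # allowed: the listed search engines
    return True


def hotlink_demo():
    """Run constructed requests for one image through the conditions."""
    image = "/wp-content/uploads/important/cover.jpg"
    own = "http://www.domain.com/wp-content/uploads/important/gallery.html"
    return {
        "no_referer": is_hotlink(image, ""),
        "own_important_dir": is_hotlink(image, own),
        "google": is_hotlink(image, "https://www.google.com/search?q=constructed"),
        "other_site": is_hotlink(image, "http://other-site.example/page"),
        # The own-site condition is anchored to http:// and to the
        # important/ directory, so an HTTPS post on the same site is
        # treated like a foreign page until that pattern is widened.
        "own_post_https": is_hotlink(image, "https://www.domain.com/my-post/"),
        "non_media": is_hotlink("/about/", "http://other-site.example/page"),
    }


if __name__ == "__main__":
    for name, fired in hotlink_demo().items():
        print(f"{name:18} rule fires: {fired}")
```

Since requests without a Referer pass, these rules limit embedding on other sites; they do not restrict who can download a file from its direct URL.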
The .htaccess method seems straightforward and practical indeed. However, if you're a complete WordPress novice and not so confident when it comes to code, you should consider using a plugin to block direct access to your files.
That's when the Prevent Direct Access (PDA) Gold plugin comes into play!
Limit WordPress Media Library Access with PDA Gold
Prevent Direct Access (PDA) Gold offers a friendly and effective solution to prevent your WordPress files from being indexed by search engines and stolen by unwanted users. The plugin protects unlimited media files and all file types such as images (PNG, JPEG), documents (PDF, DOCX, PPTX), audio, and video (MP4, MP3) that you upload to your website under Media Library or via Media, Pages or Posts.
What's more, PDA Gold enables you to set user permissions with a few simple clicks.
Let's explore PDA Gold's key features.
Restrict WordPress Media Visibility to Authorized Users
Once protected by PDA Gold, your private files will no longer be accessible to anyone except those you've granted permission.
Customizing the "No Access" page: The plugin allows you to show your custom page instead of the 404 error message. You can ask unauthorized users to log in or become a member to access the protected files by redirecting them to a registration or login page.
Restricting access by IP addresses: Prevent Direct Access enables you to take full control over your private download links by blocking unwanted IP addresses from accessing your files. Plus, with the Gold version, you'll also be able to set auto expiration based on the number of clicks or days.
Block Google Indexing of Private Files
The plugin informs Google and other search engines not to index any of your protected files. Your protected files and download links won't show up in the search results.
PDA Gold also comes with basic WordPress security features.
Block access to WordPress uploads directory: Under the plugin's protection, the wp-content/uploads folder where you store all media uploads will be safe from outsiders. No one will be able to sneak in and browse your media files any more.
Preventing image and file hotlinking: Thanks to this feature, no one can steal and use your images and files without permission. It restricts usage of your media files, which stops others from sneakily embedding these URLs into their websites.
How to Protect WordPress Uploads and File Downloads
So how do you secure WordPress files using Prevent Direct Access?
First, you need to install the Prevent Direct Access Lite and Gold plugins on your WordPress dashboard, under "Plugins."
Now, start to protect your media files.
- Click on "Media."
- Choose "List View" mode.
- There's an extra column named "Prevent Direct Access" generated by the plugin. Click on the "Protect this file" option if you want to prevent others from accessing that file.
- The file is now protected.
Make sure that you clear all caches, including your hosting cache, cache plugins, and browser cache. Your important files and their private links may not be protected correctly if they're cached.
Grant Private Files Access to certain Domains/Referrer URLs
Apart from preventing direct access and hotlinking to your file URL, another key feature that you want to achieve is to allow access from your own or certain desired domains.
In other words, you can restrict file access to certain users depending on where they come from, i.e. referer links.
For example, you can specify that only those who come from youraffiliatewebsite.com can download your private PDF files. Those with the direct file URL won't be able to do so.
Folder Protection: Protect WordPress Directories
Instead of protecting files individually, you can block direct access to all files under a particular folder with Access Restriction on top of PDA Gold.
To use the folder protection feature, just select a folder at the root or WordPress uploads directory to get started with. Then choose which user roles or usernames can access those folders directly.
You can also select which file types to protect in those directories, e.g. only PNG and PPT.
Secure WordPress Files & Uploads Directory Now
We've provided you with 2 efficient solutions to prevent direct access to your wp-content/uploads folder as well as securing your WordPress media files against hotlinking and unauthorized users.
You can either add some code snippets to your .htaccess file or take the soft option of using the Prevent Direct Access Gold plugin. Always bear in mind to back up your .htaccess file and your site beforehand, since a minor mistake made in that file can break your site severely.
What are you still waiting for? Protect your valuable files and media now.
Let us know what solution you're using to block direct access to your media files by leaving a comment below.
Photo by Jon Moore on Unsplash
Source: https://www.noupe.com/wordpress/how-to-protect-wordpress-files-and-uploads-folder.html#:~:text=To%20use%20the%20folder%20protection,e.g.%20only%20PNG%20and%20PPT.