Forums

WordPress › Support » Plugins and Hacks

how to protect media library /uploads folder within a membership site (7 posts)

  1. wtever
    Member
    Posted 6 months ago #

    I'm looking to build a WordPress-Based Membership Site using the WishListProducts plugin.

    But I see a big potential problem with securing the Media Library /uploads files.

    In my Membership Site, I'll have MP3, WMV, DOC, XLS and PDF
    downloads. I know that WishListProducts' plugin can protect
    the WordPress posts and pages that would introduce/feature
    these downloads.

    But what about the underlying embedded files themselves?

    What can I do to protect the WordPress Media Library /uploads folder, to prevent someone from acting like a
    kid in a candy store (ripping off EVERYTHING in sight, without paying for membership)?

    In other words, how do the downloadable files themselves get
    protected in that folder?

    Are you aware of any plugins that can help secure the contents /wp-content/uploads folder to only registered/approved users?

    Thank you

  2. wtever
    Member
    Posted 5 months ago #

    Just wanted to follow-up to see if anyone had any ideas (or leads of ideas) on how to best address this.

    Thank you

  3. kivi
    Member
    Posted 5 months ago #

    Looking for the exact same thing. Amember does this, but I'm having numerous problems with it and want to switch to something else. WishListProducts looks great, but am concerned about protecting media files, which is really the basis of my membership site, not the posts/pages in Wordpress.

  4. monsterweb
    Member
    Posted 1 month ago #

    This would be a nice feature. I am also attempting to solve this problem. Have there been any updates? Has anybody been able to do this?

  5. olop
    Member
    Posted 1 month ago #

    Agreed. Looks like we need a plugin that

    1. disables direct access to files in /wp-content/uploads/
    2. serves up this content after first applying the appropriate level of authentication (e.g. is this user a subscriber?)

    Member Access looks promising but it doesn't have this functionality (yet?):
    http://www.chrisabernethy.com/wordpress-plugins/member-access/

  6. wwhitehead
    Member
    Posted 5 days ago #

    Not sure if this helps, but I was having a similar issue and in lieu of finding a plugin that solved this problem, I simply used the Force User Login plugin and then created a .htaccess file in my 'uploads' directory to prevent direct hot-linking to any file within that directory and its subdirectories not coming directly from my 'Members Only' site. This way, only logged in users can access content within the uploads directory, and only when directly linked from my site. Otherwise direct linking re-directs the user to another site. Does this make sense?

    Here's an example .htaccess file you'd want to create and place in your 'wp-content/uploads' directory:

    IndexIgnore *
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?myprotectedmemberssite\.com/ [NC]
RewriteCond %{REQUEST_URI} !hotlink\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx) [NC]
RewriteRule .*\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx)$ http://yahoo.com/ [NC]

    In the above example the first line disables file directory listings (so no one can view the files in the 'uploads' or any of its subdirectories. The line with HTTP_REFERER makes sure linking to a particular file is coming from my site. The gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx) is a list of filetypes I want to prevent from being directly linked to (unless they are clicking from my site).

    Sorry this doesn't use a plugin to solve this (maybe I should write one?), but this seems to do the trick. Hope it helps.

  7. buhle78
    Member
    Posted 3 days ago #

    In the above example the first line disables file directory listings (so no one can view the files in the 'uploads' or any of its subdirectories. The line with HTTP_REFERER makes sure linking to a particular file is coming from my site. The gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx) is a list of filetypes I want to prevent from being directly linked to (unless they are clicking from my site).

    Sorry this doesn't use a plugin to solve this (maybe I should write one?), but this seems to do the trick. Hope it helps.

    The problem is people download MP3s how can this solved. Today i realised that google actually indexed an MP3 and i managed to download it using Firefox. What do i add on the .htaccess to stop search engines from going in there. How can i hide the files?

    Please help

Reply

You must log in to post.

About this Topic

Tags