WordPress.org

Ready to get started?Download WordPress

Forums

Don't want images searchable (11 posts)

  1. ceeteevee
    Member
    Posted 6 years ago #

    Hi!
    I've looked for this question, but haven't found it asked.

    Basically what I want to accomplish is to have my images protected so that no one can find it by entering the exact URL to that image. I have used "members only" "private plus," and "registered users only" plugins. No one can access the images directory if they enter, say, "http://www.fakesite.com/Imagedirectory," but if they enter "http://www.fakesite.com/Imagedirectory/photo.jpg," it shows up. I have tried this myself by logging out, clearing out my cache/cookies, and every time I enter the URL to the image itself, it comes up.

    I'm sure there's an easy solution to this - suggestions?

  2. whooami
    Member
    Posted 6 years ago #

    there isnt an easy solution, because what you want isn't really feasible.

    ...but if they enter "http://www.fakesite.com/Imagedirectory/photo.jpg,

    In a nutshell, thats how the internet works.

    you could write a convoluted script that loaded images using some random hash and checked referers, and only let you show it if the referer was coming from a particular page, but since lots of people block referers...

    you could load all your images inside a flash object, and try to obscufate the path to the actual images. Anyone with a method for decompiling your object(s) and some basic actionscript knowledge can bypass that though..

    you could password protect the directory all your images are in, but that would break your own links to them.

    --

    Everything placed in a web accessible directory, has a corresponding url attached to it that makes it able to be called up in a browser.

  3. Roger Theriault
    Member
    Posted 6 years ago #

    That's one of the items mentioned in this article:

    http://www.hongkiat.com/blog/40-most-wanted-wordpress-tricks-and-hacks/

  4. flick
    Member
    Posted 6 years ago #

  5. whooami
    Member
    Posted 6 years ago #

    hotlinking isnt what the OP is describing.

  6. ceeteevee
    Member
    Posted 6 years ago #

    there isnt an easy solution, because what you want isn't really feasible.

    ...but if they enter "http://www.fakesite.com/Imagedirectory/photo.jpg,

    In a nutshell, thats how the internet works.

    you could write a convoluted script that loaded images using some random hash and checked referers, and only let you show it if the referer was coming from a particular page, but since lots of people block referers...

    you could load all your images inside a flash object, and try to obscufate the path to the actual images. Anyone with a method for decompiling your object(s) and some basic actionscript knowledge can bypass that though..

    you could password protect the directory all your images are in, but that would break your own links to them.

    --

    Everything placed in a web accessible directory, has a corresponding url attached to it that makes it able to be called up in a browser.

    I had hoped that unless you were a registered/logged-in user the image would not show up, especially considering my images are in the wp-content folder. Is there not a way to block anyone but registered users from seeing the image?

  7. Roger Theriault
    Member
    Posted 6 years ago #

    There are other options... Apache has a few types of authorization mechanisms. mod_auth_* Obviously you have indexing turned off for the directory. You can also protect it using simple authentication... the credentials which could be provided to the browser on login. I believe WordPress uses a cookie authentication, but I don't know if there's a corresponding .htaccess directive to apply it to files in a directory.

    Or you could block access to anything in the directory (or even keep it outside the public tree), and instead use a helper php function which (after authentication just like any of the other php files) reads the jpeg from the filesystem and outputs it to the browser. That would impose some additional server load, of course. All your image links would need to be http://fakesite.com/getprotectedimage.php?directory/secretjpeg.jpg
    or with rewritten URLs you could make it look like http://fakesite.com/protectedimages/directory/secretjpeg.jpg

    I don't really know if there is a plugin that already does anything like this... but you can probably find tons of example code that outputs JPEGs, it's pretty simple. But if you can do it with Apache checking the authorization, that would be cleaner and less resource intensive.

  8. ceeteevee
    Member
    Posted 6 years ago #

    not sure where my very latest post went, but it went something like this:

    Thanks so much everyone for your suggestions - it is truly appreciated. I am still confused, however, as to why someone who has not registered with my site is still able to view an image that is stored within a directory (wp-content) that has been set up to be viewed only by logged in, registered viewers. If anyone could shed light on this for me I would be most appreciative!

    Anita.

  9. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago #

    Because you're checking that they are registered to WordPress when they view the site itself. You're not checking that they are registered to WordPress when they pull an image from the webserver.

    There are multiple types of authentication, and you're confusing them.

  10. ceeteevee
    Member
    Posted 6 years ago #

    I wonder if I passworded the photos directory which was the same password for registered readers to log into the site - would that work?

  11. whooami
    Member
    Posted 6 years ago #

    no it wouldnt, not nicely, at least, because you would not be using the same authentication scheme -- they would have to "login" twice.

    Youre wasting energy on this, honestly.

    There are TWO graceful methods of doing what you want: you embed whatever youre trying to keep ppl out inside a flash object (which just so you know wont stop everyone -- you CAN decompile flash, and you can still take screenshots or you use another script to handle the loading of the images.

Topic Closed

This topic has been closed to new replies.

About this Topic