How to restrict user access to "upload" file | WordPress.org

Palauphish
(@palauphish)

10 years, 2 months ago

On my site, I have a “resource” page where I have uploaded some documents using the “media” tab. I have uploaded various .pdf files for quick access by clients and staff. When a client clicks on the .pdf, it leads them to:

http://www.website-name.com/wp-content/uploads/example.pdf

The problem is, if someone removes the “/example.pdf” it leads them to:

http://www.website-name.com/wp-content/uploads/

And now they can access the index of all of my media uploads which includes my logo, pictures and other things I do not want users to access.

Any ideas on how I can restrict access to this with people simply deleting the end of the extension?

Viewing 1 replies (of 1 total)

bemdesign
(@bemdesign)

10 years, 2 months ago

They would still need to know the exact filename to see anything though – just going to the uploads folder shouldn’t show anything if you have your server configured that way. If you want you could also create an empty index.php file that has <?php //silence is golden and that would pretty much make it impossible for anyone to see anything in the uploads folder unless they knew the exact URL to a specific resource. Finally there’s plugins that can provide additional media management solutions that can help restrict access.

Viewing 1 replies (of 1 total)

The topic ‘How to restrict user access to "upload" file’ is closed to new replies.

Tags

In: Fixing WordPress
1 reply
2 participants
Last reply from: bemdesign
Last activity: 10 years, 2 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics