WordPress.org

Ready to get started?Download WordPress

Forums

How to restrict user access to "upload" file (2 posts)

  1. Palauphish
    Member
    Posted 5 months ago #

    On my site, I have a “resource” page where I have uploaded some documents using the “media” tab. I have uploaded various .pdf files for quick access by clients and staff. When a client clicks on the .pdf, it leads them to:

    http://www.website-name.com/wp-content/uploads/example.pdf

    The problem is, if someone removes the “/example.pdf” it leads them to:

    http://www.website-name.com/wp-content/uploads/

    And now they can access the index of all of my media uploads which includes my logo, pictures and other things I do not want users to access.

    Any ideas on how I can restrict access to this with people simply deleting the end of the extension?

  2. bemdesign
    Member
    Posted 5 months ago #

    They would still need to know the exact filename to see anything though - just going to the uploads folder shouldn't show anything if you have your server configured that way. If you want you could also create an empty index.php file that has <?php //silence is golden and that would pretty much make it impossible for anyone to see anything in the uploads folder unless they knew the exact URL to a specific resource. Finally there's plugins that can provide additional media management solutions that can help restrict access.

Reply

You must log in to post.

About this Topic