WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Password protect a whole directory? (11 posts)

  1. incite
    Member
    Posted 4 years ago #

    Hello!

    Hopefully you'll be able to help me with this, I'm wondering if it's possible to password protect a directory which uses the WordPress Users database for authentication when a file in that directory is attempted being accessed? I've tried many plugins but most seem to be crudely hiding the URL of a file as opposed to actually securing a directory.

    Here's what I want to do, I want to offer a file for download which is only visible to subscribers of my blog. At the moment I'm doing this by simply hiding the link based on if a user is logged in at theme level. I'd love to move to getting this sorted at folder level if anyone has any ideas how? I just don't want people sharing the raw link of files.

    I do have cPanel too which could be used to secure a directory, is there a way to make wordpress talk to cpanel authentication? Are there any plugins which you think I may have missed?

    I really appreciate if you could point me in the right direction it's either that or a wall very near me is going to have a shape of my head imprinted on it!

    Thanks!

  2. Jasonian
    Member
    Posted 4 years ago #

    Well, there is a solution, but it's not as straight forward.

    the e-commerce plugin allows downloads. It also allows you to require registration before checkout.

    Make the download file very expensive. You can use a coupon code that would effectively make the purchase free. Share the coupon code via email with your subscribers.

  3. incite
    Member
    Posted 4 years ago #

    Thanks! I actually managed to sort out this issue by storing the file in a directory which has a 401 re-direct via the htaccess file based on whether the user was logged in or not, the link to the file is then only visible to people via hiding the link in a custom meta field unless the user is logged in at theme level.

    Quite a lengthy process but I got there in the end!

  4. viktorwadelius
    Member
    Posted 4 years ago #

    Hey incite,

    Can you please post the code? I'm looking for exactly the same thing. Would save me alot of time!

    Thanks in advance.

  5. incite
    Member
    Posted 4 years ago #

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^.*uploads/premium/.*
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
    RewriteRule . /index.php [R,L]
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    Here is my htaccess file, the directory i protected was "uploads/premium/" so changing the directory to the one you have configured should help. I used a plugin to change the directory of uploads which made it easier to handle files and paths in the media gallery.

    To hide the url completely at theme level I used some PHP such as:

    <?php $secretlink {get_post_meta bla bla bla}; ?>
    <a href="<?php if logged_in {get_post_meta echo '$secretlink'}; ?>">Secret link here</a>

    Sorry that PHP markup is just a made up language ha ha I imagine you know how to do this but if not i'll give you a more ample reply tomorrow with real PHP code and better comments!

  6. viktorwadelius
    Member
    Posted 4 years ago #

    Hey!

    Thanks alot! Just exactly what I was looking for. The PHP I can handle, it's just this small hacks with htaccess that I'm not that in to.

    What plugin do you use? I've using wordpress for a custom CMS for a project with a lot of filesharing (mostyl PDF's). So I made my own filehandler for uploading documents and such and leaved the wordpress-uploads for pictures in the blog/news.

    Again - thanks!

  7. incite
    Member
    Posted 4 years ago #

    The website I used this for was also for a heavily customised CMS of wordpress. We wanted users to be able to register for a service the company offered - Once registered those users could see/access "premium content". However we still wanted certain uploads to be open to everyone as and when chosen... most importantly done really really easily for people who don't know about code.

    I've heavily modified the Register-Plus plugin for the registration section and use the "Relocate Upload" plugin by Alan Trewartha to relocate files upon upload - this plugin was great because it provided the direct link which could be pasted automatically into a secret link box with a bit of JS and didn't rely on the end user messing with long urls! Probably the most complicated WordPress install i've ever done!

    It took me about 2 weeks to find out about the htaccess solution so i'm glad I could help you out faster than it took me! Now i'm finding solutions with htaccess rules all over the place!

  8. mingya
    Member
    Posted 3 years ago #

    Hi incite, hope you still following this thread.

    Tried your code to protect a directory on the same level as wp-content, but it doesn't seem to take effect.

    RewriteCond %{REQUEST_URI} ^.*presentation/.*
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]

    However I can still access the PHP files directly even when I'm not logged in.

    Any help please?

  9. incite
    Member
    Posted 3 years ago #

    @mingya

    Can you paste the contents of your .htaccess file please, and write out the path of the presentation folder. Is the presentation folder within the uploads directory or is it in a directory of it's own? I.e.

    root/presentation/
    Or
    root/uploads/presentation/
    root/wp-admin/presentation/ etc

    It may be that you are not supplying a Rule for the RewriteCond i.e. your .htaccess file may read:

    RewriteCond %{REQUEST_URI} ^.*presentation/.*
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]

    When it should read:

    RewriteCond %{REQUEST_URI} ^.*presentation/.*
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
    RewriteRule . /wp-login.php?redirect_to=%{REQUEST_URI} [R,L]

  10. mingya
    Member
    Posted 3 years ago #

    @incite

    The path to presentation folder is

    /www/sandbox/html/presentation/
    /www/sandbox/html/wp-content/
    /www/sandbox/html/wp-admin/

    Basically the root of WordPress installation is:
    /www/sandbox/html/

    Here is my htaccess:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^.*presentation/.*
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
    RewriteRule . /index.php [R,L]
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    Thanks for helping.

  11. mingya
    Member
    Posted 3 years ago #

    btw, this htaccess is in the wordpress installation folder

Topic Closed

This topic has been closed to new replies.

About this Topic