• I’m looking to build a WordPress-Based Membership Site using the WishListProducts plugin.

    But I see a big potential problem with securing the Media Library /uploads files.

    In my Membership Site, I’ll have MP3, WMV, DOC, XLS and PDF
    downloads. I know that WishListProducts’ plugin can protect
    the WordPress posts and pages that would introduce/feature
    these downloads.

    But what about the underlying embedded files themselves?

    What can I do to protect the WordPress Media Library /uploads folder, to prevent someone from acting like a
    kid in a candy store (ripping off EVERYTHING in sight, without paying for membership)?

    In other words, how do the downloadable files themselves get
    protected in that folder?

    Are you aware of any plugins that can help secure the contents of the /wp-content/uploads folder to only registered/approved users?

    Thank you

Viewing 8 replies - 1 through 8 (of 8 total)
  • Thread Starter wtever

    (@wtever)

    Just wanted to follow-up to see if anyone had any ideas (or leads of ideas) on how to best address this.

    Thank you

    Looking for the exact same thing. Amember does this, but I’m having numerous problems with it and want to switch to something else. WishListProducts looks great, but am concerned about protecting media files, which is really the basis of my membership site, not the posts/pages in WordPress.

    This would be a nice feature. I am also attempting to solve this problem. Have there been any updates? Has anybody been able to do this?

    Agreed. Looks like we need a plugin that

    1. disables direct access to files in /wp-content/uploads/
    2. serves up this content after first applying the appropriate level of authentication (e.g. is this user a subscriber?)

    Member Access looks promising but it doesn’t have this functionality (yet?):
    http://www.chrisabernethy.com/wordpress-plugins/member-access/

    Not sure if this helps, but I was having a similar issue and in lieu of finding a plugin that solved this problem, I simply used the Force User Login plugin and then created a .htaccess file in my ‘uploads’ directory to prevent direct hot-linking to any file within that directory and its subdirectories not coming directly from my ‘Members Only’ site. This way, only logged in users can access content within the uploads directory, and only when directly linked from my site. Otherwise direct linking re-directs the user to another site. Does this make sense?

    Here’s an example .htaccess file you’d want to create and place in your ‘wp-content/uploads’ directory:

    IndexIgnore *
    Options +FollowSymlinks
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?myprotectedmemberssite\.com/ [NC]
    RewriteCond %{REQUEST_URI} !hotlink\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx) [NC]
    RewriteRule .*\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx)$ http://yahoo.com/ [NC]

    In the above example the first line disables file directory listings (so no one can view the files in the ‘uploads’ or any of its subdirectories). The line with HTTP_REFERER makes sure linking to a particular file is coming from my site. The (gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx) is a list of filetypes I want to prevent from being directly linked to (unless they are clicking from my site).

    Sorry this doesn’t use a plugin to solve this (maybe I should write one?), but this seems to do the trick. Hope it helps.
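
Added example, not part of the original post: a small Python model of the three rewrite lines above, run over constructed requests to show what the rules decide for each. The sample paths, the uploads location and the `decide`/`uncovered` helper names are assumptions made for illustration; the file types checked at the end are the ones the thread starter lists.

```python
import re

# The three patterns from the .htaccess above; [NC] becomes re.I.
REFERER_OK = re.compile(r"^http://(www\.)?myprotectedmemberssite\.com/", re.I)
HOTLINK_FILE = re.compile(
    r"hotlink\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx)", re.I)
COVERED = re.compile(
    r".*\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx)$", re.I)

UPLOADS = "/wp-content/uploads/"  # assumed location of the .htaccess


def decide(uri, referer=""):
    """Return 'redirect' or 'serve', following mod_rewrite's evaluation order."""
    # In a .htaccess file the RewriteRule pattern sees the path relative
    # to the directory, and is tested before the RewriteCond lines.
    rel = uri[len(UPLOADS):] if uri.startswith(UPLOADS) else uri
    if not COVERED.match(rel):
        return "serve"      # extension not listed: the rule never applies
    if REFERER_OK.search(referer):
        return "serve"      # Referer is the members site
    if HOTLINK_FILE.search(uri):
        return "serve"      # exempt hotlink.* placeholder file
    return "redirect"       # both conditions hold: sent to the other site


def uncovered(extensions):
    """File extensions the RewriteRule pattern does not match at all."""
    return [e for e in extensions if not COVERED.match("file." + e)]


# Constructed sample requests (paths and referers are made up).
SITE = "http://www.myprotectedmemberssite.com/members/"
SAMPLES = [
    (UPLOADS + "2010/01/report.pdf", SITE),
    (UPLOADS + "2010/01/report.pdf", ""),   # client sent no Referer
    (UPLOADS + "2010/01/report.PDF", "http://other.example/page"),
    (UPLOADS + "2010/01/lesson1.mp3", ""),
    (UPLOADS + "hotlink.png", "http://other.example/page"),
]

if __name__ == "__main__":
    for uri, ref in SAMPLES:
        print(f"{decide(uri, ref):8}  {uri}  referer={ref or '-'}")
    # The decision uses only the path and the Referer header; the rules
    # never consult the WordPress login. Types from the first post:
    print("not covered:", uncovered(["mp3", "wmv", "doc", "xls", "pdf"]))
```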

    The problem is people download MP3s. How can this be solved? Today I realised that Google actually indexed an MP3 and I managed to download it using Firefox. What do I add to the .htaccess to stop search engines from going in there? How can I hide the files?

    Please help

    wwhitehead: I think you’re on the right track. Can you get in touch with me regarding this quick-patch? I would be keen to get your assistance quickly.
    More than happy to compensate you for any time I take.
    Either post back here, or tweet me at: @kjakich
    Thanks
    K

    wwhitehead: This solution works well. However, I have noticed it prevents the user from using ‘Save Target as’ in IE. It redirects to download a .html file…

    Have you come across this? Any ideas as to why this might be happening?

    Cheers,
    Jarome.

  • The topic ‘how to protect media library /uploads folder within a membership site’ is closed to new replies.