Support » Plugin: Prevent files / folders access » All files in directories?

  • Resolved JJNW

    (@jjnw)


    Hello. Do I have to specify specific individual files to protect? I just want any and all PDF’s, currently uploaded, and in the future, to dynamically be protected (so that only logged in users can only see the PDF). Is this possible? It seems like the plugin is asking me to upload files I want to protect, which doesn’t seem practical. Maybe I’m missing a setting’s option? Thank you.

    • This topic was modified 1 month, 3 weeks ago by JJNW.
Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author miniOrange

    (@cyberlord92)

    Hi there,

    Thanks for reaching out to us.

    There is no need to specify individual files. Instead you can just specify file types to protect e.g. PDF

    You can protect all your current PDF files as well as the files you will upload in the future. You can follow the below instructions to protect the pdf files:

    • Go to File Restriction tab.
    • Enable media restriction.
    • Enter pdf in the File type to restrict option and remove other extensions.
    • Choose your Redirect Option and click on the Save Settings button.
    • You will get a prompt to update your htaccess file choose the option accordingly and update your htaccess file .

    Once you done with the configuration you can verify it by trying to access pdf files without login.

    Let us know if you face any issues or problem. We’d be happy to help.

    Note: No need to upload files under protected folder our plugin is asking you. PDF files you upload under WP Media will also be protected.

    Have a great day!!

    Thanks
    Team miniOrange

    Thank you for that amazing response. But I don’t think it’s working. So, I did exactly as you suggested, and all is very good. Htaccess got updated and reflects the changed (including all folders I wanted protected).

    But, any last line of htaccess I try, the theme is destroyed, unless I comment out the last line of htaccess that was injected.

    I thought wp-login was a good choice RewriteRule ^(.*)$ ./wp-login.php?redirect_to=$1 [R=302,NC] for example, but it wrecks the theme, like it’s blocking all files, though I only specified PDF.

    So, I am not sure if it’s working, since I have to comment out that line to make it work… .

    Any suggestions would be appreciated.

    Thank you.

    Here is the injected htaccess script your plugin produced

    
    # BEGIN MINIORANGE MEDIA RESTRICTION
    RewriteCond %{REQUEST_FILENAME} ^.*(pdf)$ [OR]
    RewriteCond %{REQUEST_URI} protectedfiles [OR]
    RewriteCond %{REQUEST_URI} uploads [OR]
    RewriteCond %{REQUEST_URI} uploads/2019 [OR]
    RewriteCond %{REQUEST_URI} uploads/avatars [OR]
    RewriteCond %{REQUEST_URI} uploads/bpfb [OR]
    RewriteCond %{REQUEST_URI} uploads/buddypress [OR]
    RewriteCond %{REQUEST_URI} uploads/custom_styles [OR]
    RewriteCond %{REQUEST_URI} uploads/database/toolset [OR]
    RewriteCond %{REQUEST_URI} uploads/database/essential/grid [OR]
    RewriteCond %{REQUEST_URI} uploads/database/essential/wordpress/posts
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
    RewriteRule ^(.*)$ ./wp-login.php?redirect_to=$1 [R=302,NC]
    # END MINIORANGE MEDIA RESTRICTION
    

    So, when I comment the last RewriteRule my theme isn’t broken, but plugin isn’t working.

    Hello, again.

    Ignore update – still messes up website.

    Update: clearing caches, website not messed up, but testing visitors can still see/download pdf’s.

    Any suggestions?

    Thank you.

    • This reply was modified 1 month, 3 weeks ago by JJNW.
    • This reply was modified 1 month, 3 weeks ago by JJNW.
    • This reply was modified 1 month, 3 weeks ago by JJNW.
    Plugin Author miniOrange

    (@cyberlord92)

    Hi there,

    Thanks for the update.

    Your theme may be broken because of some CSS and JS could be in uploads folder and you have protected the uploads folder.

    Could you please share the broken page link so that I can check it uses CSS/JS resources from uploads folder.

    but testing visitors can still see/download pdf’s.
    Could you please share your current htaccess rules? it would help me to debug the issue for you.

    If you comment the last line
    RewriteRule ^(.*)$ ./wp-login.php?redirect_to=$1 [R=302,NC]
    then the protection won’t work, to fix the access issue you have to update htaccess rules again.

    Also, we can have a screen share meeting to resolve this issue for you. Please drop an email to info@xecurify.com if you want to schedule a meeting to resolve it.

    Let me know if you have any questions or concerns. We’d be happy to help.

    Thanks
    Team miniOrange

    Thanks for getting back to me. Let continue trying to troubleshoot (just woke up) and I’ll update you with any results.

    Theme I am using: Kleo Theme

    Here is my current htaccess:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /web/
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /web/index.php [L]
    </IfModule>
    # END WordPress
    # BEGIN MINIORANGE MEDIA RESTRICTION
    RewriteCond %{REQUEST_FILENAME} ^.*(pdf)$ [OR]
    RewriteCond %{REQUEST_URI} protectedfiles [OR]
    RewriteCond %{REQUEST_URI} uploads [OR]
    RewriteCond %{REQUEST_URI} uploads/2019
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
    RewriteRule ^(.*)$ ./wp-login.php?redirect_to=$1 [R=302,NC]
    # END MINIORANGE MEDIA RESTRICTION
    

    Note: I am using Kleo Theme

    Thanks again, for helping out (excellent support).

    JJ

    Plugin Author miniOrange

    (@cyberlord92)

    Hi there,

    Thanks for the information.

    I have looked into it with Kleo theme and works fine for me.
    Could we have a screen share meeting so that we can look into the issue and resolve it?

    Please drop a query on info@xecurify.com with your availability for the meeting.

    Thanks
    Team miniOrange

    Hello again. I got it to work. And it works perfect: non logged in users can’t download PDF’s (existing or new uploads) and it doesn’t break website theme.

    Here is the final htaccess code I used that works well for me.

    
    # BEGIN MINIORANGE MEDIA RESTRICTION
    RewriteCond %{REQUEST_FILENAME} ^.*(pdf)$ [OR]
    RewriteCond %{REQUEST_URI} protectedfiles 
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
    RewriteRule ^(.*)$ ./wp-login.php?redirect_to=$1 [R=302,NC]
    # END MINIORANGE MEDIA RESTRICTION
    

    Thank you so much for your patience and help…and of course the plugin.

    Worth of 5 stars.

    JJ

    Plugin Author miniOrange

    (@cyberlord92)

    Hi there,

    Glad to hear that it works for you!!

    Earlier you were protecting the uploads folder too, when you protect this folder the media files like images, videos won’t be accessible publicly and it won’t show on your site unless user is logged in.
    This could be the reason your website theme looks like break.

    Let us know if you need any help. We’d be happy to help.

    Happy holidays and happy new year!!!

    Thanks
    Team miniOrange

    Ok, so I was being to explicit, protecting too many folders – when in reality, I just wanted to protect all PDF’s, and hence what this does:

    
    RewriteCond %{REQUEST_FILENAME} ^.*(pdf)$
    

    Thank you for the plugin – gave you guys a great review – I hope others discover how wonderful this plugin is.

    JR

Viewing 10 replies - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.