Block links to files in Uploads folder

  • Steve

    (@stevenaive)


    8 years, 4 months ago

    I’ve created a site that requires users to log in before anything can be viewed.

    I’ve noticed that if you have the link to content within the Uploads folder, you can view that content without logging in.

    This is an example of a link to an html file within my uploads folder that can be viewed without logging in: https://lms-template.trainerbubble.com/wp-content/uploads/temp/test-page.html

    Is there a way to block this type of linking, or at least re-direct it to the homepage?

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Account Removed

    (@nsabol)

    8 years, 3 months ago

    Hello Steve,

    I hope all is well.

    Depending on the type of content you would like to protect against unauthenticated linking, the Download Monitor plugin (https://wordpress.org/plugins/download-monitor/) may work.

    That is a slick solution for things like PDFs, documents, or other non-embedded content. The “Member only downloads, requires users to be logged in to download your files” feature is probably of most interest.

    Beyond that, there are a few other approaches, but I would not consider either of these as flexible or robust as the plugin:

    “Proxying” all requests for wp-content/uploads through a custom PHP script that ensures the user is logged in:

    http://0to5.com/protecting-wordpress-media-uploads-unless-user-is-logged-in/

    Implementing authentication using your webserver instead of WordPress authentication.

    If you are using Apache (for example), you could implement basic authentication, ldap authentication, etc. for your entire WordPress instance using a web server module (mod_auth_basic, mod_auth_ldap, mod_auth_cas, etc.) and the .htaccess file at the root of your site. This is not very flexible but may work for a few specific cases (or in a pinch).

    I am interested to hear what you have found (this looks like an old post) or what ideas others have as well.

    Hope this helps at least a little.

    Thank you and enjoy the day,
    -Neil

Viewing 1 replies (of 1 total)

The topic ‘Block links to files in Uploads folder’ is closed to new replies.