How to restrict user access to "upload" file (2 posts)

  1. Palauphish
    Posted 1 year ago #

    On my site, I have a “resource” page where I have uploaded some documents using the “media” tab. I have uploaded various .pdf files for quick access by clients and staff. When a client clicks on the .pdf, it leads them to:


    The problem is, if someone removes the “/example.pdf” it leads them to:


    And now they can access the index of all of my media uploads which includes my logo, pictures and other things I do not want users to access.

    Any ideas on how I can restrict access to this with people simply deleting the end of the extension?

  2. bemdesign
    Posted 1 year ago #

    They would still need to know the exact filename to see anything though - just going to the uploads folder shouldn't show anything if you have your server configured that way. If you want you could also create an empty index.php file that has <?php //silence is golden and that would pretty much make it impossible for anyone to see anything in the uploads folder unless they knew the exact URL to a specific resource. Finally there's plugins that can provide additional media management solutions that can help restrict access.

Topic Closed

This topic has been closed to new replies.

About this Topic