Support » Fixing WordPress » How to restrict user access to "upload" file

  • On my site, I have a “resource” page where I have uploaded some documents using the “media” tab. I have uploaded various .pdf files for quick access by clients and staff. When a client clicks on the .pdf, it leads them to:

    The problem is, if someone removes the “/example.pdf” it leads them to:

    And now they can access the index of all of my media uploads which includes my logo, pictures and other things I do not want users to access.

    Any ideas on how I can restrict access to this with people simply deleting the end of the extension?

Viewing 1 replies (of 1 total)
  • They would still need to know the exact filename to see anything though – just going to the uploads folder shouldn’t show anything if you have your server configured that way. If you want you could also create an empty index.php file that has <?php //silence is golden and that would pretty much make it impossible for anyone to see anything in the uploads folder unless they knew the exact URL to a specific resource. Finally there’s plugins that can provide additional media management solutions that can help restrict access.

Viewing 1 replies (of 1 total)
  • The topic ‘How to restrict user access to "upload" file’ is closed to new replies.