Support » Everything else WordPress » Membership area “.htaccess style”

  • I am not sure is this easy question or not. But 8 hour coding session answer is: “Extremely difficult”.

    Simply, I want make “traditional .htaccess-style protected membership pages”. It is, without wordpress I can simply make folder, make password protection and put all to this folder. index.html, pdf-files, etc etc.

    Password protection: Yes, it work in WordPress. Simply “page” and “password protection”. This is enough, BUT if I add some media… it is just in “public wordpress folder” and direct access.

    Plugins cannot help me: Eg. “Ultimate member”, “simple membership” this all make very difficult way. Pluginless is also impossible: “check user logged in” ok, but still: no media protection. In history it was easier: simply make password protected folder, as I said.

    All my page is “traditional technology homepage”, much public media, pages etc.

    Most typical way is, I make user and pw manually, meself. This is quite similar than eg. schools: teacher make homepage and tell username and pw to students. Students can read some documents, fill answering forms etc. Username + pw is not individual: it is, “username: classgrade5, pw”. So, all students use same username and pw. Reason my case is just as school, I use “students”, “class” etc instead customer…

    So: I try make password protection incl pages and media, and, as I wrote, “old way is password protected folder”.

    mydomain.com/students/class1 is log in page, and username is class1students and password is password.
    Or,
    mydomain.com/students/class2 and username class2students and pw.. etc…

    As you see, this is very simple. Of course I can accept password protected page: it is most easiest way. But, in WordPress it is unpossible protect media. (… “is user logged in” php is excelent, but it is only for posts and pages, for media not…)

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • So… what’s your question? If .htaccess protection works for you, what’s stopping you from doing it? What am I missing?

    Thread Starter Jukka Kähkönen

    (@elkesan)

    Ehm, “if you can do it simply, if you can make it difficult way”…

    Simply I want add password protected area:

    domain.com/students/class1 (etc, …/class2, class3). Password protected, and also media files protected.

    Reason my homepage is builded using wordpress, it is not clever idea mix wordpress and old-style-tech. .htaccess is example: in history it was simple. public_html/students/class1 is folder and password protection protect all inside this folder. In wordpress ONE PAGE password protection is easy and standard. But, if anyone know direct address of the media file, he can open it. ….domain.com/wp-content/uploads/mediafile.pdf… also google index it.

    So: Problem is, password protected area, membership area, also media files protected. Just as password protected folder in history, but WordPress-way. It I need.

    Thread Starter Jukka Kähkönen

    (@elkesan)

    Ok:

    https://elkesan.fi/this-is-basic-password-protected-page/

    This is basic wordpress password protection. Password is testpassword.

    When you open this, you can see there is test pdf file.

    1. If you know direct media address, you can open it without logging in: https://elkesan.fi/wp-content/uploads/testpdf20201104.pdf .
    2. Also search engines can crawl it. So, it is extremely public.
    3. Address is not fully customizable: it is domain.com/pagename. “Folder style” not possible: domain.com/maingroup/group etc. (Eg. domain.com/students/class1…)

    How to solve?
    – …domain.com/wp-login, user: class1, pw —-> open domain.com/students/class1….
    (or domain.com/students/class1 —> open domain.com/wp-login, user class1, pw —> open domain.com/students/class1….)

    In my opinion this all is easy. But, media files (wp-content/uploads etc) are allways public.

    In my opinion this all is easy. But, media files (wp-content/uploads etc) are allways public.

    Uploads are public because the vast majority of WordPress site users want their uploads public and indexable by search engines. Luckily, WordPress is open source, and numerous solutions exist (in the form of plugins) for people who want to protect their uploads.

    It seems to me we’re dealing with the so-called project triangle here:

    The static .htaccess access control list can be (relatively) secure and easy to implement. But it’s not going to have any features. Eg: what happens when one of your users forgets his/her password?

    Using the native WordPress protection (password-protected page or private page) is easy and has basic user management features. But as you’ve said yourself, files are not protected in any way, so the level of security you need isn’t there.

    If you want a solution that is secure and feature-rich (at least having WordPress’ basic user management), expect a higher level of complexity.

    There are plugins (eg Prevent Direct Access, Prevent File Access, Easy Digital Downloads, etc) that can lessen the complexity while solving this “security” problem, but then you say plugins cannot help you because they are complicated.

    Let’s hope someone else can join the discussion and offer a solution that checks off all your requirements: easy to implement, protects your files, and without using any plugin.

    Good luck!

    • This reply was modified 2 years, 3 months ago by George Appiah. Reason: Fixed a typo
    Thread Starter Jukka Kähkönen

    (@elkesan)

    I understand.

    Main problem is: “I want also protect media files”. Follow this, all goes more complicate.

    Membership area is quite easy to build: Using plugin, using native wordpress protection and even tradiotional .htaccess.

    But, if want protect media also, this is not easy. It is “All or nothing”. Look it is no any plugin “selective protect”: Protection is allways “prevent all hotlink to media”.

    It is no any method make any selective system. Selective system is: “Select some files for protection”. Or, “make any folder -virtual or physical- contain files for protection”.

    So: this system is not possible with plugins and also wordpress natively does not support this. Now I see, this is not possible “easy way” and “native wordpress”: If any solution is, it is plugin. No other way.

    Look it is only way make: 1, own plugin. 2, compromise, it is, can I make “prevent hotlink”. 3, make extra homepage for membership.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Membership area “.htaccess style”’ is closed to new replies.