• Resolved incite

    (@incite)


    Hello!

    Hopefully you’ll be able to help me with this, I’m wondering if it’s possible to password protect a directory which uses the WordPress Users database for authentication when a file in that directory is attempted being accessed? I’ve tried many plugins but most seem to be crudely hiding the URL of a file as opposed to actually securing a directory.

    Here’s what I want to do, I want to offer a file for download which is only visible to subscribers of my blog. At the moment I’m doing this by simply hiding the link based on if a user is logged in at theme level. I’d love to move to getting this sorted at folder level if anyone has any ideas how? I just don’t want people sharing the raw link of files.

    I do have cPanel too which could be used to secure a directory, is there a way to make wordpress talk to cpanel authentication? Are there any plugins which you think I may have missed?

    I really appreciate if you could point me in the right direction it’s either that or a wall very near me is going to have a shape of my head imprinted on it!

    Thanks!

Viewing 10 replies - 1 through 10 (of 10 total)
  • Well, there is a solution, but it’s not as straight forward.

    the e-commerce plugin allows downloads. It also allows you to require registration before checkout.

    Make the download file very expensive. You can use a coupon code that would effectively make the purchase free. Share the coupon code via email with your subscribers.

    Thread Starter incite

    (@incite)

    Thanks! I actually managed to sort out this issue by storing the file in a directory which has a 401 re-direct via the htaccess file based on whether the user was logged in or not, the link to the file is then only visible to people via hiding the link in a custom meta field unless the user is logged in at theme level.

    Quite a lengthy process but I got there in the end!

    Hey incite,

    Can you please post the code? I’m looking for exactly the same thing. Would save me alot of time!

    Thanks in advance.

    Thread Starter incite

    (@incite)

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^.*uploads/premium/.*
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
    RewriteRule . /index.php [R,L]
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    Here is my htaccess file, the directory i protected was “uploads/premium/” so changing the directory to the one you have configured should help. I used a plugin to change the directory of uploads which made it easier to handle files and paths in the media gallery.

    To hide the url completely at theme level I used some PHP such as:

    <?php $secretlink {get_post_meta bla bla bla}; ?>
    <a href="<?php if logged_in {get_post_meta echo '$secretlink'}; ?>">Secret link here</a>

    Sorry that PHP markup is just a made up language ha ha I imagine you know how to do this but if not i’ll give you a more ample reply tomorrow with real PHP code and better comments!

    Hey!

    Thanks alot! Just exactly what I was looking for. The PHP I can handle, it’s just this small hacks with htaccess that I’m not that in to.

    What plugin do you use? I’ve using wordpress for a custom CMS for a project with a lot of filesharing (mostyl PDF’s). So I made my own filehandler for uploading documents and such and leaved the wordpress-uploads for pictures in the blog/news.

    Again – thanks!

    Thread Starter incite

    (@incite)

    The website I used this for was also for a heavily customised CMS of wordpress. We wanted users to be able to register for a service the company offered – Once registered those users could see/access “premium content”. However we still wanted certain uploads to be open to everyone as and when chosen… most importantly done really really easily for people who don’t know about code.

    I’ve heavily modified the Register-Plus plugin for the registration section and use the “Relocate Upload” plugin by Alan Trewartha to relocate files upon upload – this plugin was great because it provided the direct link which could be pasted automatically into a secret link box with a bit of JS and didn’t rely on the end user messing with long urls! Probably the most complicated WordPress install i’ve ever done!

    It took me about 2 weeks to find out about the htaccess solution so i’m glad I could help you out faster than it took me! Now i’m finding solutions with htaccess rules all over the place!

    Hi incite, hope you still following this thread.

    Tried your code to protect a directory on the same level as wp-content, but it doesn’t seem to take effect.

    RewriteCond %{REQUEST_URI} ^.*presentation/.*
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]

    However I can still access the PHP files directly even when I’m not logged in.

    Any help please?

    Thread Starter incite

    (@incite)

    @mingya

    Can you paste the contents of your .htaccess file please, and write out the path of the presentation folder. Is the presentation folder within the uploads directory or is it in a directory of it’s own? I.e.

    root/presentation/
    Or
    root/uploads/presentation/
    root/wp-admin/presentation/ etc

    It may be that you are not supplying a Rule for the RewriteCond i.e. your .htaccess file may read:

    RewriteCond %{REQUEST_URI} ^.*presentation/.*
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]

    When it should read:

    RewriteCond %{REQUEST_URI} ^.*presentation/.*
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
    RewriteRule . /wp-login.php?redirect_to=%{REQUEST_URI} [R,L]

    @incite

    The path to presentation folder is

    /www/sandbox/html/presentation/
    /www/sandbox/html/wp-content/
    /www/sandbox/html/wp-admin/

    Basically the root of WordPress installation is:
    /www/sandbox/html/

    Here is my htaccess:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^.*presentation/.*
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
    RewriteRule . /index.php [R,L]
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    Thanks for helping.

    btw, this htaccess is in the wordpress installation folder

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Password protect a whole directory?’ is closed to new replies.