What the level of restriction you’re after? Just the website owners, just people logged in?
If it’s people logged in I found this really awesome script yesterday, it’s for gravity forums but can be easily edited.
I need to restrict access to selected members not just anyone logged in but I can do that by modifying the script you found to require a suitable role. I was also concerned that someone could access the upload directory directly by making up a suitable url themselves but I can stop that by moving the directory out of the web tree and setting an index.php file in the directory to stop listings. So it looks as if I have a DIY kit. I have a gravity forms license. There is a hook to change the upload directory in GF which I’ve not yet looked at too. Many thanks for your help.
besides the blank index file to stop listing’s, you can also turn off indexing with .htaccess, and this method is better because when put in your wordpress’s .htaccess, it’s residual throughout all sub-folders, so no need for tons of index files.
# DENY INDEXING
IndexIgnore */*
(PS also keep in mind, even with blank index files, not-indexed URL’s *can* be found and indexed without an index page, without being linked-to.. If I remember correctly: tracing cookies of the people who do have access to these files are one method of third parties getting them — this is why the authorization you’re now creating is such a good and needed thing).
