Orbisius WP Media Protector

Restricts access to WP Media uploads to logged in users only.

Documents (txt, rtf, pages, pdf, docx, xlsx, pptx) are served as attachments.

If the user logs out the access to the file will be denied and the user will be redirected to the login page.

This plugin adds a better protection than the approach mentioned in How to Restrict Access to WordPress Uploads Folder to Logged-in Users only post

Video tutorial:

https://youtu.be/5j4ByB2BkMI

Installation

Step #1: Download the php file plugin from the github link below and save it in wp-content/mu-plugins/ folder. Create the folder if necessary. This is a system plugin and doesn't need activation.

https://github.com/orbisius/orbisius-wp-media-protector

Step #2: Add the following rules to the .htaccess file

[code]
# Protect all files within the uploads folder
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^(.*?/?)wp-content/uploads/.* [NC]
RewriteCond %{REQUEST_URI} !orbisius_media_protector [NC]
RewriteRule . %1/?orbisius_media_protector=%{REQUEST_URI} [L,QSA]
</IfModule>
[/code]

Step #3: Test
Try accessing any file that resides in the uploads folder. Do the tests when you're logged in and logged out as well.

Bugs or ideas?

f you have found bugs or have ideas submit them using the link below

https://github.com/orbisius/orbisius-wp-media-protector/issues

Do you use test/staging sites? Visit qSandbox for more info.

Orbisius WP Media Protector

Installation

Bugs or ideas?

Join our mailing list