How to Block Access to Wp Upload

Content and files are the chief assets of any WordPress site. While website content can be protected by a password or membership plugins, there is no easy way to protect media files on your site.

As a matter of fact, membership or download plugins can secure and restrict your page and post URLs to logged-in users or paid members. However, media files embedded into content are still accessible to the public. In fact, anyone with direct links to those files can access and download them. They can even be hotlinked from other websites.

This poses a threat to your WordPress site as your valuable files and intellectual property can be stolen at any time.

In this article, we'll provide you with multiple solutions on how to keep prying eyes out of your media files.

By the end of this article, you'll know:

  • How to restrict wp-content/uploads access to logged in users
  • How to prevent hotlinking of media files
  • How to protect WordPress files with the Prevent Direct Access Gold plugin
  • How to protect WordPress uploads and media files

Let's get started!

How to Restrict wp-content/uploads Access to Logged In Users

WordPress stores all of your images and media uploads in the wp-content/uploads directory.

Imagine that you're a singer and you make a living by selling music videos to registered members on your WordPress site. What happens if the albums in your wp-content/uploads folder are accessed by non-logged in users and leaked out? You'll suffer a huge loss in revenue. To avoid that scenario, you need to play some tricks with the .htaccess file.

Note: There's a good chance that you'll modify some code in the .htaccess file. In that case, remember to create a backup of your .htaccess file beforehand.

Open your .htaccess file in the root folder of your WordPress site and insert the following code snippet into it.

    # Protect all files within the uploads folder
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTP_COOKIE} !.*wordpress_logged_in.*$ [NC]
        RewriteCond %{REQUEST_URI} ^(.*?/?)wp-content/uploads/.* [NC]
        RewriteRule . http://%{HTTP_HOST}%1/wp-login.php?redirect_to=%{REQUEST_URI} [L,QSA]
    </IfModule>

The code above fully restricts direct access to all of the files residing in the wp-content/uploads folder.

If you'd like to prevent direct access to only some specific files, copy and paste the code below into your .htaccess file:

    # Protect only some files within the uploads folder
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTP_COOKIE} !.*wordpress_logged_in.*$ [NC]
        RewriteCond %{REQUEST_URI} ^(.*?/?)wp-content/uploads/.*\.(?:gif|png|jpe?g|pdf|txt|rtf|html|htm|xlsx?|docx?|mp3|mp4|mov)$ [NC]
        RewriteRule . http://%{HTTP_HOST}%1/wp-login.php?redirect_to=%{REQUEST_URI} [L,QSA]
    </IfModule>

How do the two code snippets above work?

In the fourth line, the mod_rewrite module checks to see if there's a cookie whose name contains "wordpress_logged_in." If not, the rule treats the request as coming from a user who is not logged in.

The next rule checks whether the user is trying to access any files in the wp-content/uploads folder.

The final line redirects the user to a login page. If they successfully log in, they will be taken to the files they're trying to access.
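The two conditions described above can be modelled outside Apache to see which requests the file-type snippet actually gates. This is an added example, not code from the original article; the function name `gate`, the request paths and the cookie strings are constructed for illustration.

```python
import re

# Python model of the "protect only some files" rules (added example).
# [NC] maps to re.IGNORECASE; both patterns are copied from the snippet.
COOKIE_RE = re.compile(r".*wordpress_logged_in.*$", re.IGNORECASE)
UPLOADS_RE = re.compile(
    r"^(.*?/?)wp-content/uploads/.*\.(?:gif|png|jpe?g|pdf|txt|rtf|html|htm"
    r"|xlsx?|docx?|mp3|mp4|mov)$",
    re.IGNORECASE,
)


def gate(request_uri, cookie_header=""):
    """Return ('redirect', %1 prefix) if the rule fires, else ('serve', None)."""
    # RewriteCond %{HTTP_COOKIE} !...  is true only when the marker is absent.
    # Only the header text is inspected; the session is never validated.
    if COOKIE_RE.search(cookie_header):
        return ("serve", None)
    match = UPLOADS_RE.search(request_uri)
    if match is None:
        return ("serve", None)
    # %1 is the captured install prefix that the RewriteRule puts
    # in front of /wp-login.php.
    return ("redirect", match.group(1))


# Constructed requests: (REQUEST_URI, Cookie header)
SAMPLES = [
    ("/wp-content/uploads/2024/album.mp3", ""),
    ("/blog/wp-content/uploads/2024/report.PDF", "wp_lang=en_US"),
    ("/wp-content/uploads/2024/archive.zip", ""),    # extension not listed
    ("/wp-content/uploads/2024/album.mp3", "wordpress_logged_in_abc=placeholder"),
    ("/wp-content/themes/site/style.css", ""),       # outside uploads
]

if __name__ == "__main__":
    for uri, cookie in SAMPLES:
        print(f"{gate(uri, cookie)[0]:8} {uri}  cookie={cookie!r}")
```

The unlisted `.zip` file is served without a login, and the fourth sample is served because the rule tests only for the cookie's presence. Treat the snippet as a deterrent; files that need real access control also need a check that validates the WordPress session.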

We've shown you how to restrict direct access to files in the wp-content/uploads folder against non-logged in users. Let's move to the next part: how to prevent your media files from being hotlinked.

How to Prevent Hotlinking of Media Files

Hotlinking happens when other people use images and other media files, such as videos and audio, from your website and embed them directly on their site. Unless you allow them to hotlink your media files by providing the embed code, that's considered stealing and violating copyright. It also takes up your server bandwidth and resources.

To prevent hotlinking of your images and other media files, you first need to upload all of your important media files to another directory, then add the following code snippet to your .htaccess file:

    # Begin Hotlinking Protection
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.com/wp-content/uploads/important/.*$ [NC]
    RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|mp4|flv|swf|xml|php|png|css|pdf)$ - [NC,F,L]

Make sure that you replace "domain.com" with your site.

If you want to show a "No Hotlinking" custom page instead of a usual error message to those who hotlink your media files, just modify the "RewriteRule" a bit, as in the code below:

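    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.com/wp-content/uploads/important/.*$ [NC]
    # Do not rewrite the replacement image itself, or the redirect would loop
    RewriteCond %{REQUEST_URI} !/no-hot-linking\.jpg$ [NC]
    # Redirect (R) to the replacement image instead of returning 403 (F)
    RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|mp4|flv|swf|xml|php|png|css|pdf)$ http://www.domain.com/no-hot-linking.jpg [NC,R,L]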

In the code above, "http://domain.com/no-hot-linking.jpg" is the direct link to the image you're using as a customized error message.

You can also add a few tweaks to that code snippet for redirection purposes. By changing the last line to a specific URL of your homepage or a landing page, you can request users to become a member to access your media files.

In case you'd like to deny hotlinking but still allow certain search engines and social media platforms to access your files, you can add the following code snippet to your .htaccess file:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.com/wp-content/uploads/important/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com [NC]
    # Do not rewrite the replacement image itself, or the redirect would loop
    RewriteCond %{REQUEST_URI} !/no-hot-linking\.jpg$ [NC]
    # Redirect (R) to the replacement image instead of returning 403 (F)
    RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|mp4|flv|swf|xml|php|png|css|pdf)$ http://www.domain.com/no-hot-linking.jpg [NC,R,L]

Don't forget to replace "domain.com" with the actual website name.
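How the Referer conditions above decide for different visitors, next to an assumed tighter allow-list, as an added example that is not part of the original article. The `STRICT_ALLOW` patterns, the function name and the sample Referer values are assumptions constructed for illustration; `domain.com` is the article's placeholder.

```python
import re

# File types covered by the RewriteRule pattern in the snippets above.
EXT_RE = re.compile(
    r"\.(gif|jpg|jpeg|bmp|zip|rar|mp3|mp4|flv|swf|xml|php|png|css|pdf)$", re.I)

# Referer patterns as written in the article's search-engine snippet.
PAGE_ALLOW = [
    r"^http://(www\.)?domain.com/wp-content/uploads/important/.*$",
    r"^http(s)?://(www\.)?google.com",
    r"^http(s)?://(www\.)?bing.com",
    r"^http(s)?://(www\.)?yahoo.com",
]
# Assumed tightening (not from the article): the whole own site over http
# or https, escaped dots, and a host boundary after ".com".
STRICT_ALLOW = [
    r"^https?://(www\.)?domain\.com(/|$)",
    r"^https?://(www\.)?(google|bing|yahoo)\.com(/|$)",
]


def hotlink_decision(path, referer, allow):
    """Return 'block' when every RewriteCond holds for a covered file."""
    if not EXT_RE.search(path):
        return "serve"          # RewriteRule pattern does not match
    if referer == "":
        return "serve"          # "!^$" fails: an empty Referer passes
    if any(re.search(p, referer, re.I) for p in allow):
        return "serve"          # one negated allow condition fails
    return "block"              # 403 or the no-hotlinking image


# Constructed Referer values for a request to a protected image.
IMAGE = "/wp-content/uploads/important/cover.jpg"
REFERERS = [
    "",
    "http://domain.com/wp-content/uploads/important/gallery.html",
    "https://www.domain.com/2024/new-album/",
    "https://www.google.com/search?q=album",
    "https://google.com.example.net/page",
    "https://other.example/gallery",
]

if __name__ == "__main__":
    for ref in REFERERS:
        a = hotlink_decision(IMAGE, ref, PAGE_ALLOW)
        b = hotlink_decision(IMAGE, ref, STRICT_ALLOW)
        print(f"page={a:5} strict={b:5} referer={ref!r}")
```

As written, the own-site pattern admits only `http://` Referers under `/wp-content/uploads/important/`, so an https post page on the same site is blocked, while the unanchored search-engine patterns admit a look-alike host. An empty Referer passes under both lists, so these rules limit embedding on other sites rather than direct downloads.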

The .htaccess method seems straightforward and practical indeed. However, if you're a complete WordPress novice and not so confident when it comes to code, you should consider using a plugin to block direct access to your files.

That's when the Prevent Direct Access (PDA) Gold plugin comes into play!

Limit WordPress Media Library Access with PDA Gold

Prevent Direct Access (PDA) Gold offers a friendly and effective solution to prevent your WordPress files from being indexed by search engines and stolen by unwanted users. The plugin protects unlimited media files and all file types such as images (PNG, JPEG), documents (PDF, DOCX, PPTX), audio, and videos (MP4, MP3) that you upload to your website under Media Library or via Media, Pages or Posts.

What's more, PDA Gold enables you to set user permissions with a few simple clicks.

Let's explore PDA Gold's key features.

Restrict WordPress Media Visibility to Authorized Users

Once protected by PDA Gold, your private files will no longer be accessible to anyone except those you've granted permission.

Customizing the "No Access" page: The plugin allows you to show your custom page instead of the 404 error message. You can ask unauthorized users to log in or become a member to access the protected files by redirecting them to a registration or login page.

Restricting access by IP addresses: Prevent Direct Access enables you to take full control over your private download links by blocking unwanted IP addresses from accessing your files. Plus, with the Gold version, you'll also be able to set auto expiration by number of clicks or days.

Block Google Indexing of Private Files

The plugin informs Google and other search engines not to index any of your protected files. Your protected files and download links won't show up in the search results.

PDA Gold also comes with basic WordPress security features.

Block access to WordPress uploads directory: Under the plugin's protection, the wp-content/uploads folder where you store all media uploads will be safe from outsiders. No one will be able to sneak in and browse your media files any more.

Preventing image and file hotlinking: Thanks to this feature, no one can steal and use your images and files without permission. It restricts usage of your media files, which stops others from sneakily embedding these URLs into their websites.

How to Protect WordPress Uploads and File Downloads

So how do you secure WordPress files using Prevent Direct Access?

First, you need to install the Prevent Direct Access Lite and Gold plugins on your WordPress dashboard, under "Plugins."

Now, start to protect your media files.

  • Click on "Media."
  • Choose "List View" mode.
  • There's an extra column named "Prevent Direct Access" generated by the plugin. Click on the "Protect this file" option if you want to prevent others from accessing that file.
  • The file is now protected.

Make sure that you clear all caches, including your hosting cache, cache plugins, and browser cache. Your important files and their private links may not be protected correctly if they're cached.

Grant Private Files Access to Certain Domains/Referrer URLs

Apart from preventing direct access and hotlinking to your file URL, another key feature that you may want is to allow access from your own or certain desired domains.

In other words, you can restrict file access to certain users depending on where they come from, i.e. referrer links.

For instance, you can specify that only those who come from youraffiliatewebsite.com can download your private PDF files. Those with the direct file URL won't be able to do so.

Folder Protection: Protect WordPress Directories

Instead of protecting files individually, you can block direct access to all files under a particular folder with Access Restriction on top of PDA Gold.

To use the folder protection feature, simply select a folder at the root or WordPress uploads directory to get started with. Then choose which user roles or usernames can access those folders directly.

You can also select which file types to protect in those directories, e.g. only PNG and PPT.

Secure WordPress Files & Uploads Directory Now

We've provided you with 2 efficient solutions to prevent direct access to your wp-content/uploads folder as well as securing your WordPress media files against hotlinking and unauthorized users.

You can either add some code snippets to your .htaccess file or take the soft option of using the Prevent Direct Access Gold plugin. Always bear in mind to back up your .htaccess file and your site beforehand, since a small mistake made in that file can break your site severely.

What are you still waiting for? Protect your valuable files and media now.

Let us know what solution you're using to block direct access to your media files by leaving a comment below.


Photograph by Jon Moore on Unsplash

stuartwousely.blogspot.com

Source: https://www.noupe.com/wordpress/how-to-protect-wordpress-files-and-uploads-folder.html
