Protect Upload Path #6

Open
bueltge opened this issue Nov 10, 2012 · 1 comment

bueltge commented Nov 10, 2012

Uploads must not be accessible when the user is not logged in.

I have extended this with a new class; but I just broke my local MU with uploads, so debugging is pointless.

@ghost ghost assigned dnaber-de Jan 13, 2013

bueltge commented Feb 3, 2021

upload directory

Leave a new .htaccess file inside of the /wp-content/uploads/ directory

How it works

Inside of the <IfModule> containers, there are three rules that do the following (in order):

  1. Check if the request is for any file
  2. Check for the absence of a cookie that begins with wordpress_logged_in_
  3. If these conditions are met, the file request will be denied via 403 "Forbidden" response

The trick here is step 2, the check for the absence of a cookie that begins with wordpress_logged_in_. When the user is logged in, WordPress adds a cookie to your browser that looks like:

wordpress_logged_in_1234567890abcdefghijklmnopqrstuvwxyz

Example for different file types

# require login for pdf|zip|mp4|ogv|webm files
# more info: https://m0n.co/11
<IfModule mod_rewrite.c>
	RewriteCond %{REQUEST_FILENAME} \.(pdf|zip|mp4|ogv|webm)$ [NC]
	RewriteCond %{HTTP_COOKIE} !wordpress_logged_in_([a-zA-Z0-9_]*) [NC]
	RewriteRule .* - [F,L]
</IfModule>

Example for all files inside the directory

# require login for media files
# more info: https://m0n.co/11
<IfModule mod_rewrite.c>
	RewriteCond %{REQUEST_FILENAME} (.*)
	RewriteCond %{HTTP_COOKIE} !wordpress_logged_in_([a-zA-Z0-9_]*) [NC]
	RewriteRule .* - [F,L]
</IfModule>

Note

Helpful post https://htaccessbook.com/require-login-access-wordpress-media-files/
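
Added example (not part of the comment above or of the project's code): a small Python model of how the two `RewriteCond` lines combine, run over constructed requests, to show which requests get the 403 and that the cookie condition tests only for the cookie's name. The function name `status`, the sample paths and the cookie values are assumptions made up for illustration.

```python
import re

# Patterns copied from the two .htaccess examples in the comment above.
# [NC] corresponds to re.IGNORECASE; RewriteCond patterns are unanchored.
FILE_TYPES = re.compile(r"\.(pdf|zip|mp4|ogv|webm)$", re.IGNORECASE)
ALL_FILES = re.compile(r"(.*)")
LOGIN_COOKIE = re.compile(r"wordpress_logged_in_([a-zA-Z0-9_]*)", re.IGNORECASE)


def status(filename, cookie_header, file_cond=FILE_TYPES):
    """Return 403 if the rule set would deny the request, else 200.

    filename:      value of %{REQUEST_FILENAME}
    cookie_header: value of %{HTTP_COOKIE} ("" when no Cookie header is sent)
    file_cond:     first RewriteCond, FILE_TYPES or ALL_FILES
    """
    # RewriteCond lines are ANDed: both must hold before RewriteRule [F] fires.
    is_protected_file = file_cond.search(filename) is not None
    cookie_absent = LOGIN_COOKIE.search(cookie_header) is None  # the "!" negation
    return 403 if (is_protected_file and cookie_absent) else 200


# Constructed sample requests (paths and cookie values are made up).
UPLOADS = "/var/www/wp-content/uploads/2021/02/"
SAMPLES = [
    (UPLOADS + "report.pdf", "", FILE_TYPES),   # anonymous, listed type
    (UPLOADS + "REPORT.PDF", "", FILE_TYPES),   # [NC] makes the match case-insensitive
    (UPLOADS + "photo.jpg", "", FILE_TYPES),    # extension not in the list
    (UPLOADS + "photo.jpg", "", ALL_FILES),     # all-files variant covers it
    (UPLOADS + "report.pdf",
     "wp-settings-1=x; wordpress_logged_in_0123abcd=editor%7C1612345678%7Ctoken",
     FILE_TYPES),                               # logged-in browser
    # Apache never validates the cookie value, so a stale cookie still passes.
    (UPLOADS + "report.pdf", "wordpress_logged_in_0123abcd=expired", FILE_TYPES),
    # Other WordPress cookies do not satisfy the condition.
    (UPLOADS + "report.pdf", "wordpress_test_cookie=WP+Cookie+check", FILE_TYPES),
]


def run_samples():
    """Evaluate every constructed request and return the list of status codes."""
    return [status(f, c, cond) for f, c, cond in SAMPLES]


if __name__ == "__main__":
    for (f, c, _), code in zip(SAMPLES, run_samples()):
        print(code, f.rsplit("/", 1)[-1], repr(c[:40]))
```

Because the rule only looks for the cookie name, it keeps casual anonymous visitors out but is not a session check; files that need real access control have to be served through WordPress, where the login state can be verified.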
