When accessing a protected PDF file with Chrome browser, and Chrome browser setting “Settings > Privacy and security > Site settings >Additional content settings > PDF documents” is set to “Open PDF in Chrome”, the Chrome File Save dialog is triggered instead of opening the PDF in Chrome.
This seems to be for 2 reasons. In mv-file-handler.php:
Does anyone know why?
Hi,
This plugin still works great but as it is not getting maintained and updated, I am looking for alternatives. I found these 2 plugins so far, one of them only works on a limited number of files (just 9) and the pro version is pretty expensive and the other one doesn’t quite do the exact same job, I was wondering is there are any other alternatives that you suggest for preventing direct access to the file uploads
https://www.ads-software.com/plugins/protect-wp-files/
https://en-ca.www.ads-software.com/plugins/prevent-direct-access/
https://preventdirectaccess.com/pricing/
Thanks,
Sara
Hi, I am so glad I found your plugin. It seems to work fine. One thing I would like to change is that when the URL is clicked by a non-logged in user, he is redirected to the /wp-login.php/ page. My users on the front-end use a different log in page. Is there a setting where I can change the page they will be redirected to?
Thanks for your help!
Anyone know how to tinker htaccess or the plugin codes to allow google bots to craw and index docs inside the mediavault?
]]>One of my WordPress clients relies heavily on the Media Vault plugin for their membership website. In the years since installing this plugin, the support has died off and it has received the dreaded “This plugin hasn’t been updated in over 2 years” message.
It’s still a great plugin, and having looked over a good portion of the code, I think it’s very-well written. Whether the original developer didn’t have enough time or didn’t think enough people used their plugin, I still think Media Vault is worth maintaining and still using. Hopefully the community can restart Media Vault, much like they did with Postman SMTP becoming Post SMTP.
While using this plugin on PDFs and Word document files, I received the following error message. The wp_get_attachment_metadata was not returning the file URL or any information for that matter.
PHP Warning: Illegal string offset ‘sizes’
To fix, I incorporated the following code to the /wp-content/plugins/media-vault/includes/mgjp-functions.php file:
COMMENT OUT THIS LINE:
// $meta = wp_get_attachment_metadata( $attachment_id );
USE THIS FUNCTION INSTEAD:
$meta = array();
$meta[‘file’] = get_attached_file($attachment_id);
$meta[‘sizes’] = ”;
Several topics have also mentioned that files can still be accessed with this plugin. To resolve this, I wrote a custom download script that checks the permissions of the page the file was uploaded to in order to double check the logged-in user has enough permission to retrieve the file. To redirect to that download script, I have added this in the .htaccess file:
# Don’t redirect images
RewriteRule ^wp-content/uploads/(.*)\.jpg$ – [R=301,L]
RewriteRule ^wp-content/uploads/(.*)\.png$ – [R=301,L]
RewriteRule ^wp-content/uploads/(.*)\.gif$ – [R=301,L]
# Redirect to check for permissions
RewriteRule ^wp-content/uploads/(.*)$ /wp-content/themes/mytheme/download\.php?file=$1 [R=301,L,QSA]
In the future, I may also post the download script in the hope that it encourages the original developer to pickup the project or perhaps pass it onto somebody who will.
]]>Is there is support?
]]>Hi There,
Thanks for the great plugin!
Is it possible to protect files uploaded via posts and pages instead of media library?
Thanks, TF
]]>Hi,
Could you help with the settings for web.config?
right now:
<rule name="rule 1S" stopProcessing="true">
<match url="^wp-content/uploads(/_mediavault/.*\.\w+)$" />
<action type="Rewrite" url="/index.php?mgjp_mv_file={R:1}" appendQueryString="true" />
</rule>
<rule name="rule 2S" stopProcessing="true">
<match url="^wp-content/uploads(/.*\.\w+)$" />
<action type="Rewrite" url="/index.php?mgjp_mv_file={R:1}" appendQueryString="true" />
</rule>But it doesn’t work I get the impression that the is missing but I haven’t figured out how to translate and where to place it:
<condition>
<add input="{QUERY_STRING}" pattern="^(?:.*&)?mgjp_mv_download=safeforce(?:&.*)?$" />
</condition>Hi thanks for the plugin.
My website restricts the media to be downloaded/viewed only by registered users.
I would want non-registered users who try to download the files to be directed to the registration page instead of login… any ideas how to?
]]>Just add this code to functions.php to make the plugin work for new WP versions:
function fix_protected_downloads($content)
{
global $post;
if (!empty($post->post_password))
{
$content = str_replace('/wp-content/uploads', '/wp-content/uploads/_mediavault', $content);
}
return $content;
}
add_filter( 'the_content', 'fix_protected_downloads' );Hello,
I’d like to use this plugin but I’d like to make it obvious in the admin media grid view, that there are files protected (for example by adding a red border to the thumbnail), in order to make sure that an editor doesn’t accidentally use images within a public post, that are prohibited for the public.
Can anyone tell me how to achieve this?
(In the list view I see a column “Media Vault”, which is great! But I need this information as well in the grid views.
Thank you!
]]>Seems like this is for sure dead, no topics being replied to.
I’ve tried to follow the limited advice on very old threads to no avail.
Wish this worked.
]]>Everything’s working with this plugin for me except that MP3 files are not playing correctly in Chrome. They work OK in Firefox and IE. The exact issue is that the file loads and plays, but only loads the first 5 minutes or so if the MP3 is longer than that. You’re also not able to seek within the MP3 at all — can’t jump ahead to a later point or back to an earlier point.
I initially thought this was player-related, but after a lot of investigation I found that it happens regardless of whether I play the MP3 in an in-page player using the default WordPress media player, an alternate plugin-based mediaplayer, or whether I view the file directly in a browser window using the browser’s native player.
If I unprotect the same file, it works using any of the above methods.
This happens with any MP3 I try, from various sources and of various lengths. For mp3s longer than ~5 minutes, when playback reaches the end of the loaded portion, it sometimes loads another chunk, but usually just stops playing.
I assume the problem is in mv-file-handler.php but no matter what changes I make to the MIME type or other headers, I get the same results.
The only difference I can see in the network traffic is that the content range is different for the protected and unprotected versions. The “Range” field in the request header says “bytes=0-” for the protected file and “bytes=0-1048575” for the unprotected one.
It also looks like mv-file-handler.php doesn’t have anything in it to take partial content requests into account.
]]>I have a frontend upload form and need that files can be accessed only by his author.
So I do this:
On form, I add this input:
<input type="hidden" name="mgjp_mv_protected" value="on">
On my upload function, I add this line:
add_post_meta($attachment_id, '_mgjp_mv_permission', 'author');
But WordPress only create _wp_attachment_metadata values for images files. For other files, the metadata are not created. How can I solve that?
]]>This plugin works great – in fact too well.
Is there a way I can selectively secure files? Without having to go into the media library and change for each file?
Most of what is uploaded needs to be protected, but I have some files which must remain unprotected. At the moment I have to upload the files through the frontend, then go into the backend to unprotect them as the default is to protect. It would be great if I could assign certain upload fields (I am using Formidable Forms) to NOT protect the files uploaded, so it does not have to be a two stage process. Especially as this has to be done as administrator, and the users cannot upload unprotected files.
]]>Thanks again for the great plugin!
When adding new media by upload to a post / custom post via the add media button on the post editor page, there is no facility to add protection to the uploaded file in this modal. Is it possible for you to add this feature?
Thanks again – Mark
]]>although i have severall working installs on the same shared server i simply dont remember how i got Media Vault activated back when i was setting those up.
Activating automaticly doesnt work so i manually changed the .htaccess file
…
RewriteRule ^index\.php$ – [L]
# Media Vault Rewrite Rules
#RewriteRule ^wp-content/uploads(/_mediavault/.*\.\w+)$ index.php?mgjp_mv_file=$1 [QSA,L]
#RewriteCond %{QUERY_STRING} ^(?:.*&)?mgjp_mv_download=safeforce(?:&.*)?$
#RewriteRule ^wp-content/uploads(/.*\.\w+)$ index.php?mgjp_mv_file=$1 [QSA,L]
# Media Vault Rewrite Rules End
RewriteCond %{REQUEST_FILENAME} !-f
…
Permissions for wp-content/uploads is 777, anything else i could do?
]]>hi there,
media vault doesn’t seem to work at all. i have 10 PDF files that are restricted to the public and can only be viewed by logged in users. but anyone can still access them. can you assist?
Hi all,
as GeeWhiz pointed out here:
https://www.ads-software.com/support/topic/this-plugin-is-dead-and-not-working
this plugin seems to be broken within the newest (4.3.1) version of WP.
The problem: 404 error after protecting uploaded files.
@plugin author(s): Thanks for the plugin anyway. Within another project, we used it very much until now. But do you have any ideas what’s causing the problem here?
@all: Any proposals for an alternative plugin that does approx. the same thing?
Bert regards
joschi81
I installed your plugin but am still able to access PDFs that I have set to be protected.
]]>Hi – Great plugin thanks.
Is it possible to add the default protection to files added as attachments to posts in the same way it happens to files added by the add new media process in the admin menu?
Thanks – Mark
]]>Hi.
I installed Media Vault on my site to protect media files (predominently jpgs and pdf files) from being accessed unless my users were logged in.
I loaded the plugin as instructed and set permissions on each media file to media Vault On and file access permission to “logged-in users”
However when any of my logged in users now try and access the pdf files, (the pdf files are links on pages within the members area of my site), they get 404 errors. In Safari I get a message that says “Forbidden You don’t have permission to access /index.php on this server.”
As soon as I deactivate the Media Vault plugin, access is returned.
Can anybody point me in the right direction as to how to fix this. I like the plug in and it would be great if I could overcome this problem to allow me to use it.
Many thanks
]]>I’ve run across and an issue where that restricted images do not show up when part of a gallery—even if the user has access to the image. The problem shows up on most gallery options (I’m using jetpack galleries BTW), but not all them (the thumbnail and slideshow options seem to work fine).
In the link below, the first image of the gallery is restricted, the same image is also located below the gallery. When logged, in a user is able to see the image below the gallery, but the same image in the gallery does not display. Additionally, when you click on the broken image in the gallery, the image is displayed properly in the carousel.
https://proofs.paperandsage.com/2015/uncategorized/media-vault-test-page
]]>Greetings,
Definitely excited about this plugin; however, I have come across two issues right of the bat. The first is this:
Neither the default restricted image placeholder or my custom placeholder will show up on the site when an image is restricted.
On this page bellow the first image in the gallery is restricted to logged-in users as is the first image below the gallery.
https://proofs.paperandsage.com/2015/uncategorized/media-vault-test-page
The second I’ll post in its own topic.
Thanks in advance,
Chris
only allow access to files added via download link
]]>After discovering some of my protected images on google image, I dug a little deeper. I reproduce my findings to assist anyone with a similar problem.
This is the normal path for a wordpress upload.
https://example.com/wp-content/uploads/_mediavault/2015/02/kangeroo.jpg
My files are found under the following which I think this is the multisite standard.
https://example.com/files/_mediavault/2015/02/kangeroo.jpg
The standard htaccess file works for the wp-content version.
RewriteRule ^wp-content/uploads(/_mediavault/.*\.\w+)$ index.php?mgjp_mv_file=$1 [QSA,L]
My version which now blocks non-login access is
RewriteRule ^files?(/_mediavault/.*\.\w+)$ "index.php?mgjp_mv_file=$1" [QSA,L]
Not quite a full solution as it does not display an alternative jpg, but at least my images are now secure.
]]>Great plugin! I am using a custom role to do some cool stuff. Thank you!
Question: Can I customize the ‘access denied’ page for a given role (or universally, that would be fine also)?
I assume there is some callback but it was not apparent to me which or where. Or maybe its not possible ??
Tx!
]]>Take a look at https://foundation.sterndata.com/about-the-grant-process/
The image on that page is in media vault and media vault is set to logged in users. But you can see it if not logged in.
Need some help!
]]>I have realised that when I move a picture the the vault, the posts are not being updated with the new location. I have to manually edit the url from ../files/2015/07/.. to ../files/_mediavault/2015/07/..
It worked over 1000 times before! Unfortunately, the original picture is cached, so I do not realise it fails until weeks later.
]]>So clearly this plugin is dead and no longer being supported. I was hoping to ressurect it’s corpse for one last project, but it’s failing me at every turn.
Trying to restrict PDF access and it works about 11% of the time and never on already uploaded files.
Going through the very loose support comments I’ve read on here-
Htaccess rewrite is present, media library is set to default location and set to use months to separate.
Anyone have any last ditch ideas? How about an alternative method of protecting PDFs?
]]>