• Hi Guys

    Since installing WordPress we have noticed that the paths to media files are world-accessible. Even though they should be private, if someone knows the URL they can download/view the file, host it or just post the link for the world to rip.

    We have been looking at all sorts of options for obscuring/hiding the path/source, but as we all know, if the video is viewable it is rip-able.

    Is there any way to create a session id perhaps or perhaps configure the authorisation module to only enable authorised users/sessions access to the file?

    Best regards

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator James Huff

    (@macmanx)

    Just set up hotlink protection with .htaccess. Use this generator and be sure to select “No, block blank referers”:

    https://www.htaccesstools.com/hotlink-protection/

    Thread Starter ghostcorps

    (@ghostcorps)

    Thanks

    But the .htaccess referer rules are easily bypassed, e.g. the refspoof extension in Firefox or the referer flag in wget. Plus it seems that authorised Mac users have a lot of issues with this method.

    I am hoping for something that only allows access to the path/page/file if the user has logged in; a session id is the obvious answer, but it doesn’t look like WordPress supports this. I have found the nonces (number used once) API, but there are no plugins written for it.

    Surely there is a more professional option for content security? Paying for it is not an issue either if it comes to that.

    Moderator James Huff

    (@macmanx)

    But the .htaccess referer rules are easily bypassed, e.g. the refspoof extension in Firefox or the referer flag in wget.

    Yeah, but at least it requires quite a bit of extra effort to get around. .htaccess hotlink protection is really the industry standard.

    Plus it seems that authorised Mac users have a lot of issues with this method.

    I’ve been using a Mac for 25 years, and this type of hotlink protection on several sites, and have never had a problem.

  • The topic ‘Can I block files from users who are not authorised?’ is closed to new replies.
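
The thread starter asks for access tied to a logged-in session rather than to the Referer header. The sketch below is an added example (not posted in the thread, and not WordPress's own code) of one way to do that: upload requests are routed through a small PHP gate that checks the WordPress login cookie server-side. The file name `protected-media.php`, its location in the WordPress root, and the rewrite rule in the comment are assumptions.

```php
<?php
// Added example: serve files under wp-content/uploads only to logged-in users.
// Assumptions: this file is saved as protected-media.php (hypothetical name)
// in the WordPress root, and the root .htaccess sends upload requests to it,
// placed above the standard WordPress rewrite block:
//   RewriteEngine On
//   RewriteRule ^wp-content/uploads/(.+)$ protected-media.php?file=$1 [L]

require __DIR__ . '/wp-load.php'; // boots WordPress, including auth cookie handling

// Unlike the Referer header, the login cookie is validated on the server.
if ( ! is_user_logged_in() ) {
    status_header( 403 );
    nocache_headers();
    exit( 'Forbidden' );
}

$uploads   = wp_get_upload_dir();
$base      = realpath( $uploads['basedir'] );
$requested = isset( $_GET['file'] ) ? wp_unslash( $_GET['file'] ) : '';
$path      = realpath( $base . '/' . $requested );

// realpath() collapses "../" segments; reject anything that resolves
// outside the uploads directory or is not a regular file.
if ( false === $base || false === $path
    || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR )
    || ! is_file( $path ) ) {
    status_header( 404 );
    exit( 'Not found' );
}

// Only serve file types WordPress itself allows for uploads.
$type = wp_check_filetype( $path );
if ( empty( $type['type'] ) ) {
    status_header( 403 );
    exit( 'Forbidden' );
}

nocache_headers(); // keep shared caches from storing private media
header( 'Content-Type: ' . $type['type'] );
header( 'Content-Length: ' . filesize( $path ) );
header( 'X-Content-Type-Options: nosniff' );
readfile( $path );
exit;
```

This sketch sends whole files and does not handle HTTP Range requests, so seeking within large videos needs additional handling. It checks only that the visitor is logged in; restricting by role or per-file ownership would need a further check at the same point.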