Password protect or hide media content

  • I would like to display images on a password protected page or post. The problem is that the images themselves are still accessible using the media attachment pages or the direct link to the file. Of course this is not desired.

    But there does not seem to be a way to prevent media attachment pages nor direct image links in any reasonable way. It’s possible to remove both from Yoast SEO sitemap (it seems). But is this sufficient for nobody to know the links?
    E.g. is it otherwise possible to “crawl” the website without using actual links but rather wordpress databases or the like?
    If not, then with very complicated links, I could imagine the images to be “protected”.
    If so, complicated links are not an option.

    Or: Is there a genuine way of password protecting media?

Viewing 7 replies - 1 through 7 (of 7 total)

  • Hi, it looks like this plugin will do what you need it to do.

    https://www.ads-software.com/plugins/password-protect-wordpress/

    Thread Starter kaimmakam222

    (@kaimmakam222)

    Hi,
    Thanks for your answer. Unfortunately it seems like a Pro upgrade is needed for the functionality I am looking for with that plugin. Do you know of any other possibilities?

    (Sorry for the late reply.)

    This plugin will take care of the attachment pages.

    https://www.ads-software.com/plugins/attachment-pages-redirect/

    No sure on hiding the image files themselves (going straight to https://example.com/path/to/media/file.jpeg). I’m working on that question for a project though, so if I figure it out I’ll let you know.

    Thread Starter kaimmakam222

    (@kaimmakam222)

    Thanks for the reply.

    The redirect is good to deter normal users already. However I guess that experts could still go through the folders on my web server and find the images.

    Yes please let me know if you find out.

    No one should be able to look through the folders on your web server. That’s called directory browsing and the WordPress core is designed to prevent that. So unless you modify core or use a non-standard file structure (and delete/remove the index.php files you find throughout core), no one should be browsing your files.

    The primary way your media files might still end up being exposed is if someone with legitimate access to the content access the media URL directly and shares that URL on social media ,embeds it on their own site, or shares it in some other public form.

    Thread Starter kaimmakam222

    (@kaimmakam222)

    Oh ok, that’s very good. So unless I explicitly list my images via posts or pages or for example through XML sitemaps or robots.txt (*) the links to the media files themselves should be private. Only people who know the links can access the pictures then, right?

    So if I store media under /wordpress-content/…/<random_string>.jpg then it’s quite safe, right?

    None of the media is of really sensitive nature, but rather something I wouldn’t normally share openly with everyone.

    Thanks so much for your help.

    (*) Are there other ways of (accidentally) publishing links to media files?

    What you’ve written above is generally correct. However, keep in mind that anyone who views your site can right-click, inspect element, and locate the URL for the image. In addition, if your page is crawlable by search engines, they may locate and index your images. Lastly, anyone can take a screenshot of your webpage and then use that screenshot to share the image.

    So, if the image(s) is really something you don’t want to get out in the open, the only thing you can do to really to ensure it’s utmost safety, is to not publish it.

    Edit: I just remembered that this is about private pages. Search engines won’t index images on private pages, but if the images are displayed on any non-protected pages/posts, then they may locate and index them.

    • This reply was modified 8 years, 3 months ago by jpen365. Reason: Remembered this question was about password protected pages
Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Password protect or hide media content’ is closed to new replies.