Restrict access to uploaded files to logged in users only (Nginx)

  • I can restrict users to see files when logged in through the posts page. But they still get a direct link to the file where it is stored in the wp-content/uploads/ directories.

    Then, if they are logged out, they can still use that direct link to access the file. How do I prevent this?

    I’m running wordpress on NginX, so it can’t be an htaccess thing. But I swear I’ve seen this done before, so it has to be possible. But I can’t figure it out.

    So how do I get wordpress/nginx to STOP ‘the world’ from accessing my uploaded files, but still allow logged in users to access those files when they visit my posts?

Viewing 1 replies (of 1 total)
  • Thread Starter nertskull

    (@nertskull)

    I think I found a bit more info. I’ve done this before with the user access manager plugin. But it uses .htaccess to help. So, my thought is, if I could ‘translate’ that htaccess to nginx, maybe that would help? I guess that makes this more of an nginx question, but if any one can help that, or better yet find another wordpress way to do this, that would be great.

    This is the wordpress htaccess file created by uam.

    <IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule (.*) /index.php?uamfiletype=attachment&uamgetfile=$1 [L]
</IfModule>

    I’ve tried changing that to nginx style, but I’m not getting it right apparently.

Viewing 1 replies (of 1 total)
  • The topic ‘Restrict access to uploaded files to logged in users only (Nginx)’ is closed to new replies.