bueltge / authenticator

This plugin allows you to make your WordPress site accessible to logged in users only.
https://wordpress.org/plugins/authenticator/
GNU General Public License v3.0

Protect Upload Path #6

Open bueltge opened 11 years ago

bueltge commented 11 years ago

Uploads must not be available when you are not logged in.

I have extended the plugin with a new class for this, but I just broke my local MU install with uploads, so debugging is pointless.

bueltge commented 3 years ago

upload directory

Leave a new .htaccess file inside of the /wp-content/uploads/ directory

How it works

Inside of the <IfModule> containers, there are three rules that do the following (in order):

  1. Check if the request is for any file
  2. Check for the absence of a cookie that begins with wordpress_logged_in_
  3. If these conditions are met, the file request will be denied via 403 "Forbidden" response

The trick here is step 2, the check for the absence of a cookie that begins with wordpress_logged_in_. When the user is logged in, WordPress adds a cookie to your browser that looks like:

wordpress_logged_in_1234567890abcdefghijklmnopqrstuvwxyz

Example for different file types

```apache
# require login for pdf|zip|mp4|ogv|webm files
# more info: https://m0n.co/11
<IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_FILENAME} \.(pdf|zip|mp4|ogv|webm)$ [NC]
    RewriteCond %{HTTP_COOKIE} !wordpress_logged_in_([a-zA-Z0-9_]*) [NC]
    RewriteRule .* - [F,L]
</IfModule>
```

Example for all files inside the directory

```apache
# require login for media files
# more info: https://m0n.co/11
<IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_FILENAME} (.*)
    RewriteCond %{HTTP_COOKIE} !wordpress_logged_in_([a-zA-Z0-9_]*) [NC]
    RewriteRule .* - [F,L]
</IfModule>
```

Note

Helpful post https://htaccessbook.com/require-login-access-wordpress-media-files/
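
An added example, not part of the comment above or of the plugin's code: a small Python model of the two rule sets, used to audit which requests they deny. The upload path, file names and cookie values are constructed samples, and `decide` and `audit` are hypothetical helper names.

```python
import re

# The RewriteCond patterns from the .htaccess examples; [NC] maps to IGNORECASE.
FILE_RE = re.compile(r"\.(pdf|zip|mp4|ogv|webm)$", re.IGNORECASE)
COOKIE_RE = re.compile(r"wordpress_logged_in_([a-zA-Z0-9_]*)", re.IGNORECASE)


def decide(request_filename, cookie_header, all_files=False):
    """Return 403 if the modelled rules deny the request, else 200.

    request_filename models %{REQUEST_FILENAME} (mapped path, no query string).
    cookie_header models %{HTTP_COOKIE} ("" when no Cookie header is sent).
    all_files=True models the second example, whose first condition is (.*).
    """
    file_matches = True if all_files else bool(FILE_RE.search(request_filename))
    cookie_absent = COOKIE_RE.search(cookie_header) is None
    # Consecutive RewriteCond lines are ANDed: deny only if both hold.
    return 403 if (file_matches and cookie_absent) else 200


# Constructed sample requests: (file name, Cookie header, all_files variant).
UPLOADS = "/var/www/html/wp-content/uploads/2024/01/"  # assumed install path
SAMPLES = [
    ("report.pdf", "", False),       # listed type, anonymous
    ("REPORT.PDF", "", False),       # [NC] makes the extension case-insensitive
    ("photo.jpg", "", False),        # type not listed: first rule set ignores it
    ("report.pdf.bak", "", False),   # "$" anchor: only the final extension counts
    ("photo.jpg", "", True),         # second rule set covers every file
    # The rule tests only that the cookie NAME is present. It does not validate
    # the session value, so it is a convenience gate, not an authorization check.
    ("report.pdf", "wp-settings-1=x; wordpress_logged_in_abc123=placeholder", False),
    ("report.pdf", "wordpress_test_cookie=WP+Cookie+check", False),  # other cookie
]


def audit():
    """Evaluate every constructed sample and return (file name, status) pairs."""
    return [(name, decide(UPLOADS + name, cookie, all_files))
            for name, cookie, all_files in SAMPLES]


if __name__ == "__main__":
    for name, status in audit():
        print(f"{status}  {name}")
```

Files that need real access control should be served through a WordPress-side check of the session rather than relying on these rules alone.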