Open bueltge opened 11 years ago
Leave a new .htaccess
file inside of the /wp-content/uploads/
directory
Inside of the <IfModule>
containers, there are three rules that do the following (in order):
wordpress_logged_in_
The trick here is step 2, then check for the absence of a cookie that begins with wordpress_logged_in_
. When the user is logged in, WordPress adds a cookie to your browser that looks like:
wordpress_logged_in_1234567890abcdefghijklmnopqrstuvwxyz
# require login for pdf|zip|mp4|ogv|webm files
# more info: https://m0n.co/11
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_FILENAME} \.(pdf|zip|mp4|ogv|webm)$ [NC]
RewriteCond %{HTTP_COOKIE} !wordpress_logged_in_([a-zA-Z0-9_]*) [NC]
RewriteRule .* - [F,L]
</IfModule>
# require login for media files
# more info: https://m0n.co/11
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_FILENAME} (.*)
RewriteCond %{HTTP_COOKIE} !wordpress_logged_in_([a-zA-Z0-9_]*) [NC]
RewriteRule .* - [F,L]
</IfModule>
Helpful post https://htaccessbook.com/require-login-access-wordpress-media-files/
Uploads dürfen nicht verfügbar sein, wenn man nicht angemeldet ist.
Habe dazu mit neuer Klasse erweitert; aber gerade meine local MU mit upload zerstört, so dass Debuggen sinnlos ist.