Prevent direct access to uploads folder for non-loggedin user (WordPress) - Apache

AbdullahAlFaruk
April 8, 2020
216 views
1 vote
2 Answers

I want to prevent non-logged in user to direct access from uploads folder inside wp-content. I have tried by putting the following rules in htaccess.conf in the AWS Lightsail server. After that, it’s working fine but the site is broken now. Can anyone help me to figure out why it’s broken? When I remove the rules from htaccess.conf the site loads fine.

<Directory "/opt/bitnami/apps/wordpress/htdocs/">
# Protect all files within the uploads folder
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_COOKIE} !.*wordpress_logged_in.*$ [NC]
    RewriteCond %{REQUEST_URI} ^(.*?/?)wp-content/uploads/.* [NC]
    RewriteRule . https://%{HTTP_HOST}%1/wp-login.php?redirect_to=%{REQUEST_URI} [L,QSA]
</IfModule>
</Directory>

Answers

Chosen as BEST ANSWER
- AbdullahAlFaruk
- April 9, 2020 at 2:47 pm
- 0 votes
0
I have fixed it, So basically I need to prevent the direct access to a folder which is inside the wp-content/uploads folder. So I just created .htaccess files inside that folder and put following rules and it's working fine now. Thanks all
```
    RewriteEngine On
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
    RewriteRule ^(.*)$ - [R=403,L]
```

(Edit)

- KrupalPanchal
- April 8, 2020 at 10:56 am
- 0 votes
0
Add this code in your .htaccess file.
```
RewriteCond %{REQUEST_FILENAME} -s
RewriteRule ^wp-content/uploads/(.*)$ dl-file.php?file=$1 [QSA,L]
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.

Prevent direct access to uploads folder for non-loggedin user (WordPress) – Apache

Answers