skip to Main Content

I want to prevent non-logged in user to direct access from uploads folder inside wp-content. I have tried by putting the following rules in htaccess.conf in the AWS Lightsail server. After that, it’s working fine but the site is broken now. Can anyone help me to figure out why it’s broken? When I remove the rules from htaccess.conf the site loads fine.

<Directory "/opt/bitnami/apps/wordpress/htdocs/">
# Protect all files within the uploads folder
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_COOKIE} !.*wordpress_logged_in.*$ [NC]
    RewriteCond %{REQUEST_URI} ^(.*?/?)wp-content/uploads/.* [NC]
    RewriteRule . https://%{HTTP_HOST}%1/wp-login.php?redirect_to=%{REQUEST_URI} [L,QSA]
</IfModule>
</Directory>

2

Answers


  1. Chosen as BEST ANSWER

    I have fixed it, So basically I need to prevent the direct access to a folder which is inside the wp-content/uploads folder. So I just created .htaccess files inside that folder and put following rules and it's working fine now. Thanks all

    
        RewriteEngine On
        RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
        RewriteRule ^(.*)$ - [R=403,L]
    
    

  2. Add this code in your .htaccess file.

    RewriteCond %{REQUEST_FILENAME} -s
    RewriteRule ^wp-content/uploads/(.*)$ dl-file.php?file=$1 [QSA,L]
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search