If you run a private community or members only website using WordPress, by default anyone can download your attachments/uploads/files. This isn’t ideal especially if you only want to provide access to these files for your members and don’t want the overhead of a members/downloads plugin.
There is a simple fix with a simple script and a few lines within your .htaccess file. Please note: this will only work on our Linux hosting platform.
How to fix
-
- Download the dl-file.php from here
-
- Upload the file to your WordPress root. The same directory as your wp-config.php
- Create or edit a .htaccess file in your root directory and add the following:
RewriteCond %{REQUEST_FILENAME} -s RewriteRule ^wp-content/uploads/(.*)$ dl-file.php?file=$1 [QSA,L]
That’s it, now only members/logged in users can download the websites attachments. As always, if you have any tips, comments or questions then please let us know below.
Classification: Public
Last saved: 2024/04/12 at 12:46 by Jamie