Private Uploads

Private Uploads Install Statistics

0
100%
Today: 0 Yesterday: 0 All-time: 3,583 downloads
Private Uploads Icon

Try plugin: Private Uploads

We'll create fresh WordPress site with Private Uploads installed. You have 20 minutes to test the plugin after that site we'll be deleted.

Takes ~10 seconds to install.

About Private Uploads

Protects sensitive uploaded files so that only logged-in users can access them. The plugin depends on corresponding web server (e.g.

3


0


0


0


0

updated: 5 years ago
since: 7 years ago
author: Chris Dennis

Description

‘Private’ uploaded files (PDFs, images, etc.) will normally be only included in private posts and pages. But the files themselves can still be accessed by anyone if they know the corresponding URLs.

For example, a PDF file’s URL might be

http://example.com/wp-content/uploads/minutes-20160924.pdf

and anyone could download that file because WordPress does not get a chance to check their authorisation.

The solution that the Private Uploads plugin uses involves moving any private files to a separate folder, and then configuring the web server to ask WordPress to authenticate access to files in that folder.

So the file’s URL might now be

http://example.com/wp-content/uploads/private/minutes-20160924.pdf

and an HTTP server rewrite rule will convert this to

http://example.com/?pucd-folder=private&pucd-file=minutes-20160924.pdf

The Private Uploads plugin will intercept that URL and reject it with a 403 status code.

This plugin is more efficient than some similar ones because it only has to run when serving files in the private folder(s): the web server handles other uploaded files (ones not in the private folders) directly.

Requirements

  • Sufficient access to the web server to allow the required configuration.

Acknowledgements

Future Plans

  • Currently, access to private files just depends on the is_user_logged_in() function. This plugin could be developed to give more fine-grained control, such as having a folder for each user.