• Resolved IT Hertz

    (@it-hertz)


    I only need a few media files protected from direct URL access. This plugin does that, BUT… It also blocks all non-Admin logged in users from accessing anything on the site, including the home page! It throws a 404 for every page except for Admin and logged out users.

    I’m using Ultimate Member and have no issues with user/role access. Unfortunately, UM devs don’t care about blocking direct URL access to files and recommend those who inquire to look elsewhere for a solution, so I tried yours.

    The only remedy for this behavior right now is to deactivate your plugin.

    Is this a compatibility issue with UM or a bug?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author BWPS Team

    (@buildwps)

    Hi @it-hertz,

    Thanks for reaching out to us.

    Just to clarify, our PDA plugins only protect files against direct access. We do not restrict access to your pages.

    Our PDA plugins are also compatible with Ultimate Member plugin. We even use that plugin on our testing sites.

    So at first glance, there could be a conflict somewhere. To assist you better, could you please provide us with the following information?

    1. A screencast of the issue you’re facing
    2. Some screenshots showing your file protection configuration
    3. Your site URL and a sample logged-in account for us to double-check

    You might also want to send these details to our support email – hello(at)preventdirectaccess.com so that our team can support you faster, @it-hertz.

    Plugin Author BWPS Team

    (@buildwps)

    Hi @it-hertz,

    Hope you’re doing well as usual.

    We haven’t heard back from you for a while now. So we’d like to follow up wondering if we can be of any further assistance.

    Have you managed to get the issue resolved yet, @it-hertz?

    Please reply to this support thread or drop us an email at hello(at)preventdirectaccess.com so that we can assist you further.

    Awaiting your reply.

    Thread Starter IT Hertz

    (@it-hertz)

    Hello,

    I did some additional testing just now with your plugin being the ONLY one activated and with various themes, including vanilla ones like Twenty Twenty.
    I set 3 PDFs and no other files to be protected via your plugin.

    The problem is Restrict Media Library Access.

    When that option is disabled, the site works normally for all logged-in users, regardless of roles and permissions/capabilities, and all non-logged-in users. This is the case regardless of which other options in your plugin are enabled or disabled.

    When I then enable Restrict Media Library Access, only the Administrator can view the site normally. For all other logged-in users, regardless of roles and permissions, all pages of the site throw a 404 and the main nav bar gets deleted! Yet, non-logged-in users can see and use the site normally.

    I don’t have any external redirect rules or anything else in functions.php that would be causing a conflict with your plugin.

    This is my .htaccess with no other plugin but yours activated and per above tests (all options with and w/o Restrict Media Library Access enabled; same .htaccess with both conditions):

    # BEGIN WordPress
    # The directives (lines) between "BEGIN WordPress" and "END WordPress" are
    # dynamically generated, and should only be modified via WordPress filters.
    # Any changes to the directives between these markers will be overwritten.
    # Prevent Direct Access Rewrite Rules
    RewriteRule private/([a-zA-Z0-9]+)$ index.php?pda_v3_pf=$1 [L]
    RewriteCond %{REQUEST_FILENAME} -s
    RewriteCond %{HTTP_USER_AGENT} !facebookexternalhit/[0-9]
    RewriteCond %{HTTP_USER_AGENT} !Twitterbot/[0-9]
    RewriteCond %{HTTP_USER_AGENT} !Googlebot/[0-9]
    RewriteRule wp-content/uploads/_pda(\/[A-Za-z0-9_@.\/&+-]+)+\.([A-Za-z0-9_@.\/&+-]+)$ index.php?pda_v3_pf=$1&is_direct_access=true&file_type=$2 [QSA,L]
    # Prevent Direct Access Rewrite Rules End
    # Prevent Direct Access Prevent Hotlinking Rules
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^https://mystagingsite.com/ [NC]
    RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|flv|swf|xml|png|css|pdf)$ - [F]
    # Prevent Direct Access Prevent Hotlinking Rules End
    
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    Options -Indexes
    
    # END WordPress
    php_value upload_max_filesize 64M
    php_value post_max_size 128M
    php_value memory_limit 256M
    php_value max_execution_time 300
    php_value max_input_time 300

    This issue was also occurring before I increased the upload file size limit, which I did after uninstalling your plugin, before reinstalling just for the above tests.

    Hope this helps.

    • This reply was modified 2 years, 4 months ago by IT Hertz.
    Plugin Author BWPS Team

    (@buildwps)

    Hi @it-hertz,

    Thanks for your detailed reply.

    We installed the Restrict Media Library Access on our testing site but haven’t been able to reproduce the issue yet.

    Anyway, its main function, i.e. restricting media file access to file authors only, is available in our PDA Lite plugin.

    So you do not need to use that plugin, which seems to be abandoned by its authors.

    As for the issue when protected files are accessible, it could be something to do with caching issues or your server configurations.

    Could you please move our rewrite rules to below this line RewriteRule ^index\.php$ - [L] and see if it works?

    Otherwise, please provide us with the following information so that we can advise you better:

    1. Both protected and private URLs of a sample protected file
    2. Caching plugins, server cache, or CDN you’re using
    3. Your hosting provider

    You might also want to send these details to our support email – hello(at)preventdirectaccess.com so that our team can support you faster.

    Thread Starter IT Hertz

    (@it-hertz)

    We installed the Restrict Media Library Access on our testing site but haven’t been able to reproduce the issue yet.

    Anyway, its main function, i.e. restricting media file access to file authors only, is available in our PDA Lite plugin.

    So you do not need to use that plugin, which seems to be abandoned by its authors.

    I was referring to your plugin with that option enabled. I had never installed the other plugin you mentioned.

    Could you please move our rewrite rules to below this line RewriteRule ^index\.php$ – [L] and see if it works?

    I’ll try that and get back to you with results.

    Hi @it-hertz,

    How are you today?

    We’d like to follow up with you and see how things are going.

    Have you successfully protected your files yet?

    Is there anything else that we can do to help?

    Let us know.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘logged in users blocked’ is closed to new replies.