Prevent direct access to plugin folder

  • Hi There,

    I am looking to prevent direct access to a plugin folder that cointains private documents and images. I only want users that are logged in to be able to view this folder contents. I have tried to achieve this by placing .htaccess inside that folder. However am having no joy, can anyone see where i am going wrong?

    RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https://(www\.)?mywebsite\.com/ [NC]
RewriteCond %{REQUEST_URI} !hotlink\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov) [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule .*\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov)$ https://mywebsite.com/ [NC]
Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter flippyr

    (@flippyr)

    anyone?:)

    Not sure you’d be able to allow it per logged in user, but what you could do is prevent people from directly accessing it. So if I were to go to yourwebsite.com/wp-content/ I’d get a 403 forbidden error message.

    To do this you can create a new file called .htaccess and simple write inside the file: –
    deny from all

    Save it and upload it to your /wp-content/ folder. It’ll still allow you to reference things from it so images will still show up. The only different is that directly going to anything in that folder will be blocked.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Prevent direct access to plugin folder’ is closed to new replies.