Wordpress / htaccess - prevent non-admin users to access specific media folders

0 投票
最新提问 用户: (120 分)

My issue is the following, I need to secure a specific subfolder in my /uploads/ to protect some user files and it should be only accessible from administrators.

Basically, I have a folder called wp-content/uploads/usersdocs/ where my users are uploading their documents to get verified. Of course this folder should not be accessible from anybody else then administrators who instead will check these files for veryfing personal data.

I've read about using rewrite conditions in .htaccess but somebody said that it's not the best solution. Example I've tried (just for loggedin users and without success):

RewriteCond %{HTTP_REFERER} !^https://(www\.)?www.mywebsite.com/ [NC]
RewriteCond %{REQUEST_URI} !hotlink\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov) [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule .*\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov)$ https://www.mywebsite.com/ [NC]

Could you please give me some direction, if possible?

登录 或者 注册 后回答这个问题。

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。