[wp-hackers] securing /wp-content/uploads

Frank Bueltge frank at bueltge.de
Thu Apr 5 21:20:42 UTC 2012


I have a full plugin, but it is currently a customer solution, not free. But I
think you can see the solution in my answer on wpse, or use hakres hint.
Best regards

Sorry for the short mail, sent from mobile.
On 05.04.2012 20:32, "Brian Layman" <wp-hackers at thecodecave.com> wrote:

> Awesome find, Frank! Thanks for posting that. I was actually noodling over
> how to combine restricted uploading with the member plugin to do this for a
> charity site I'm working with. I may turn this into a full-blown plugin.
>
> Thanks!
>
> Brian Layman
>
>
> On 4/5/2012 1:34 PM, Frank Bueltge wrote:
>
>> check this; you can also find it via Google
>> http://wordpress.stackexchange.com/questions/37144/how-to-protect-uploads-if-user-is-not-logged-in/37765
>>
>> Best regards
>> Frank
>>
>>
>>
>> On Thu, Apr 5, 2012 at 6:55 PM, Bill Dennen <dennen at gmail.com> wrote:
>>
>>> You might also look at WP Document Revisions -- one of its features is:
>>>
>>> --
>>> Access Control - Each document is given a persistent URL (e.g.,
>>> yourcompany.com/documents/2011/08/TPS-Report.doc)
>>> which can be private
>>> (securely delivered only to members of your organization), password
>>> protected (available only to those you select such as clients or
>>> contractors), or public (published and hosted for the world to see).
>>> If you catch a typo and upload a new version, that URL will continue
>>> to point to the latest version, regardless of how many changes you
>>> make.
>>> --
>>>
>>> Note, this isn't perfect, or 100% secure, in fact. The actual file is
>>> still on your server, with a long name filled with seemingly random
>>> characters. Difficult, but not impossible, to guess.
>>>
>>> http://wordpress.org/extend/plugins/wp-document-revisions/
>>>
>>> On 5 April 2012 17:49, Eric Mann <eric at eam.me> wrote:
>>>>
>>>>> My recommendation would be to use .htaccess to require authentication
>>>>> for that directory.
>>>>>
>>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>

