[wp-trac] [WordPress Trac] #33230: Add Restricted Access to Media Library

WordPress Trac noreply at wordpress.org
Sat Aug 1 17:31:27 UTC 2015

#33230: Add Restricted Access to Media Library
 Reporter:  shooper         |      Owner:
     Type:  enhancement     |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Media           |    Version:
 Severity:  normal          |   Keywords:
  Focuses:  administration  |
 I've had many WordPress site owners who've e-mailed in a panic when they
 discover that a PDF, Word Doc, Spreadsheet, etc. they've uploaded in the
 Media Library has been discovered on Google with information that wasn't
 intended to be public.  They thought that because the post or page that it
 was linked to was restricted, so what the media within.

 The solution to this (for me) as been to move these files into a new
 folder, restrict it with .htaccess, and then have a PHP handler that
 checks for the appropriate permissions before passing the file content
 back to the browser.

 Given I've run across this problem multiple times (with a relatively small
 customer base) I'd like to propose that the Media Library incorporate
 functionality to handle this in core.

 1. Add a checkbox on media upload "Restrict Access to this media"

 2. Media with that checkbox check would be uploaded into a wp-
 content/uploads/restricted/ tree (could still use the year/month/

 3. Set .htaccess to restrict access to anything in that tree of folders.

 4. (Haven't fully thought through this part), but create a permalink
 structure for accessing these resources that would be passed through the
 PHP engine.

 If not, the media library / upload UI should have a clear warning about
 the accessibility to/discoverability of files uploaded, as I'm finding
 most users are caught completely off guard by this.

 Interested in your thoughts...

Ticket URL: <https://core.trac.wordpress.org/ticket/33230>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list