[wp-trac] [WordPress Trac] #33230: Add Restricted Access to Media Library
WordPress Trac
noreply at wordpress.org
Sat Aug 1 17:31:27 UTC 2015
#33230: Add Restricted Access to Media Library
----------------------------+-----------------------------
Reporter: shooper | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Media | Version:
Severity: normal | Keywords:
Focuses: administration |
----------------------------+-----------------------------
I've had many WordPress site owners who've e-mailed in a panic when they
discover that a PDF, Word Doc, Spreadsheet, etc. they've uploaded in the
Media Library has been discovered on Google with information that wasn't
intended to be public. They thought that because the post or page that it
was linked to was restricted, so what the media within.
The solution to this (for me) as been to move these files into a new
folder, restrict it with .htaccess, and then have a PHP handler that
checks for the appropriate permissions before passing the file content
back to the browser.
Given I've run across this problem multiple times (with a relatively small
customer base) I'd like to propose that the Media Library incorporate
functionality to handle this in core.
1. Add a checkbox on media upload "Restrict Access to this media"
2. Media with that checkbox check would be uploaded into a wp-
content/uploads/restricted/ tree (could still use the year/month/
subfolders).
3. Set .htaccess to restrict access to anything in that tree of folders.
4. (Haven't fully thought through this part), but create a permalink
structure for accessing these resources that would be passed through the
PHP engine.
If not, the media library / upload UI should have a clear warning about
the accessibility to/discoverability of files uploaded, as I'm finding
most users are caught completely off guard by this.
Interested in your thoughts...
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33230>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list