Protect Wordpress Uploads Folder - ???

[Fernando Veloso]

Hi guys,

Need to protect my uploads folder in wordpress.

Any plugin to mask the url of files inside it?

Anything i can do to prevent copy-paste and sharing of files url?

[theimdude]

I have been setting permissions to write on the wp-admin folder but have changed all mine to read only.

I now ftp all my files as it is saver or if I have to upload within WP change the permissions back to normal when I am finish.

The other day I was checking stats on a domain and was impressed with the traffic as I didn't promote it at all.

On further investigation I saw some jerks used it to host porn referral link pages on my site and that is where the traffic was coming from.

They do it in a clever way as to stay undetected. Once I have changed the permissions it is all ok now.

The best way to solve your problem is to add a blank index.html file to the upload folder. When accessed it is blank and no file show. Or put on the page a picture of you with big grin asking the person if you can help them.

So basically when the download link is http://domainname.com/wp-content/download/file.zip in the person delete file.zip the page will default to http://domainname.com/wp-content/download/index.html

[Fernando Veloso]

Hey thanks but not sure if i understand you.



I have already the blank file BUT if they check the source code of a page with a selfhosted video they can see the url and share it.

Thats my problem.

If this is a password protect site how can they access that inside folder?

[theimdude]

Quote:

Originally Posted by Fernando Veloso

Hey thanks but not sure if i understand you.



I have already the blank file BUT if they check the source code of a page with a selfhosted video they can see the url and share it.

Thats my problem.

If this is a password protect site how can they access that inside folder?

Try changing the permissions on that file to 640 as that will disallow public access. You might have to do that to the folder as well or maybe if you do the folder only it will protect all the files.

[Fernando Veloso]

Nop, that way even logged in users can't see the files.

What a pain. I am in trouble here.

[theimdude]

Try masking the url and then check if you logged out if you can access the file then. I am sure I got a link for a download that was masked before but had to login before I could access it.

[Fernando Veloso]

This are videos hosted in my server, and yeah, i'll have same issue with PDF's...

[theimdude]

I just discover something strange. When I password protect a directory domain.com/test/ I cant access it without logging in but when I password protect the directory

domain.com/wp-content/uploads/ I can access without having to login. I didnt login before at all and cleared all cookies. So maybe just put you files in a separate directory in the root. Might work

I am off to a coffee shop as this is making me thirsty

[Fernando Veloso]

This is not good. Not good at all.

I just realized all the files for my members will be available if they share the url.

HELP.

[Craig Desorcy]

Quote:

Originally Posted by Fernando Veloso

This is not good. Not good at all.

I just realized all the files for my members will be available if they share the url.

HELP.

You could use a script like amember to protect everything.

-OR- any other membership script.

You can also use Amazon S3 hosting along with my plugin to stop people from hot-linking to your content. This will protect ALL types of media... PDFs, audio, video, .zip, whatever.

P.M. Me your email address and I'll give you a Amazon S3 Wordpress
plugin that will do the above. If you like it, just give me some feedback
I can use :-)

Craig

[Fernando Veloso]

Thanks Craig,

just sent a support ticket to ***** asking for a money back and will decide what to do next.

And yes, i did take a look at amember, djguard etc etc but this script was for WP so i believed it would protect ALL my files not just pages