Deny access to uploads folder with exceptions

This actually does not work great at all as the existence of the cookie does not indicate that the user is logged in, or even that he was ever logged in. All it indicates is that someone somehow set that cookie. To know that the user accessing the file is actually logged in or ever was, you need to actually validate the content of the cookie something that you cannot do in .htaccess.

Granted, that is good enough for probably 95% of the use cases, but if you “hide” something that might be worth “money,” you should rethink it.

In theory, the right solution is to avoid putting private information into the uploads directory, and have only public info there. The private info you serve from a URL you define in WordPress, for example a specific page, or with a special rewrite rule, after you check the credentials of the user.

For inspiration, you can look at how the EDD plugin serves its file to people that paid for them.y

Related Posts:

  1. How to rewrite WordPress uploads folder to another folder using htaccess
  2. How to protect media directory with .htaccess?
  3. Protecting direct access to PDF and ZIP unless user logged in (without plugin)
  4. Prevent users from accessing mp3s in my uploads folder?
  5. How to proxy local WP uploads folder to live site
  6. Rewrite rule to load images from production does nothing
  7. Disabling direct access to images using .htaccess
  8. Password protect any file in WordPress
  9. Increase .htaccess file upload without prompting error
  10. How to remove .html from URL?
  11. How to generate thumbnails when needed only?
  12. Media files exist in upload folder but not showing up
  13. Set limit to media upload?
  14. Save camera info as metadata on image upload?
  15. How to upload SVG in WordPress 4.9.8?
  16. Use a separate custom table (not posts) to handle file upload data
  17. PNG with transparent background turns black when uploaded and resized
  18. WP 3.3 > Still no option to enable automatic image overwrites?
  19. Custom upload directory per CPT; when removed, file not deleted
  20. Modify featured image path to Amazon S3
  21. How to set an upload directory for each media type?
  22. How to get all files inserted (but not attached) to a post
  23. How to protect uploads in multisite if user is not logged in?
  24. WordPress on a subdirectory of Laravel – WordPress pretty permalinks inner page shows laravel
  25. Trigger JS when featured image upload window is opened in admin
  26. uploading files to the uploads folder via ftp
  27. Delete images uploaded by ‘Subscriber’ role
  28. Bypass .htaccess when using download_url
  29. Remove upload_files capability from a role but allow role to manage an avatar image
  30. 3.5 media manager add CSS / JS to new ‘tab’ iframe content
  31. Insert Featured image from Feed
  32. http error when uploading media files
  33. How can I upload a csv file into WordPress?
  34. How to link to the image editor’s Edit Image function?
  35. Image uploading stuck on “crunching”
  36. Saving WordPress generated thumbnails in a subdirectory
  37. Whole bunch of errors on WP website – media upload, edit slugs, edit screen not working [closed]
  38. How to create a 301 redirect that doesn’t apply to subsites
  39. Retroactively place uploaded media into -month, -year based folders?
  40. Conditional add_filter for upload directory?
  41. Need to download uploaded binary file
  42. Insert Image automatically when upload finishes wordpress media uploader
  43. How do I modify the url of uploaded media content?
  44. WordPress “HTTP error.” when uploading Media – IIS
  45. WordPress uploads folder path. how it is decided?
  46. Limit upload file type on one custom post type
  47. Filter / Hook to get attachment ID before uploading?
  48. Adding Media Upload to Custom Options Panel breaks “Insert into Post”
  49. PDF file upload issue
  50. WordPress bug with capabilities?
  51. Update image via WP REST API
  52. media_handle_upload() progress bar
  53. ‘An error occurred in the upload. Please try again later.’ for users with different roles
  54. Rewriting “pretty” blog category URL with htaccess / add_rewrite_rule() causes 404 page
  55. How to submit data between wp_iframe and backbone.js in media upload
  56. Set post_parent value for the images uploaded by Add Media button into post
  57. What are best practices to storing uploads in WordPress?
  58. Original image not saving?
  59. Create featured image from a remote url when creating a post
  60. Using Add from Server to upload by post ID
  61. Image resizing – TimThumb vs convert on upload?
  62. File names are being overridden when uploading new media
  63. Patient portal using wordpress
  64. Stop image resizing in particular case – is that possible?
  65. Change the look of the media uploader
  66. Is it safe to upload JSON files to upload folder?
  67. Using Windows Server 2012 How to Move Uploads Folder to another hard drive
  68. “Trying to upload files larger than” error will not go away
  69. How to add filetype to meta value when using wp_upload_bits?
  70. Cropping thumbnails to specific dimensions on front end post
  71. Double slash in upload URLs
  72. Unable to upload new file as a product
  73. All my files are on my blog! I need sync solution
  74. Make inline uploader (plupload) on options page upload to a specific folder
  75. WordPress blog with a custom made theme hosted on heroku
  76. media file uploading
  77. htaccess redirect to path
  78. What is wrong with my wp_insert_attachment code?
  79. Editor User Role can’t see other users media
  80. How to allow .ged file uploads
  81. Media files not loading
  82. Set attachment category from file name on upload
  83. HTTP Error WordPress on IIS uploading image
  84. What folder to place Large Video files?
  85. WordPress Upload Speed
  86. _d_improd_ directory in uploads breaking site images
  87. Drag and Drop Media Not Working in Windows 10 Edge Browser
  88. Exclude some photos in media library
  89. Failed to load resource at admin screen
  90. Upload more than one media files with a post
  91. .htaccess not working in WordPress
  92. uploading photos
  93. How to handle image resize in media_handle_sideload?
  94. Image uploaded in media library, can only see it when I using the WP Edit Image feature. 404 when trying to view in browser
  95. Single file upload
  96. Can’t get pretty permalinks to work without index.php
  97. Add frontend editor with media buttons for Visitors and display only their media
  98. WordPress Custom Fonts Problem! [closed]
  99. Create media folder upon post publish?
  100. How to use ‘blogs.dir’ as media upload instead of ‘uploads’ directory in WordPress multisite setup