Disabling direct access to images using .htaccess

I have added the following rewrite rule to my .htaccess (above the previous rewrite rule):

RewriteRule ^wp-content/uploads/(.*)$ dl-file.php?file=$1 [QSA,L]

You presumably have another .htaccess file in the /wp subdirectory that contains the main WordPress directives (ie. # BEGIN WordPress etc.).

You should be adding the above rule to the /wp/.htaccess file, not the one in the root.

When accessing a URL of the form /wp/... the mod_rewrite directives in the root .htaccess file are completely overridden by the mod_rewrite directives in /wp/.htaccess (by default). The mod_rewrite directives in the root .htaccess file are not even processed, since mod_rewrite directives are not inherited by default.

The dl-file.php script should then be in the root of the WordPress installation, not in the document root.

Aside:

However, since I installed WordPress in a subdirectory, the image path actually is .../wp/wp-contents/uploads/image.jpg.

Although this would imply you have a mismatch of URLs… some containing the /wp subdirectory and some (your static assets) not.

The first rule you posted rewrites requests to the /wp subdirectory for any request where it is omitted. (The .htaccess file in the /wp subdirectory ensures it does not rewrite requests that already contain /wp.)

You should either:

  • Include /wp in all your URLs

  • Omit /wp from all your URLs.

You currently appear to have a mixture of both.

Related Posts:

  1. Protecting direct access to PDF and ZIP unless user logged in (without plugin)
  2. Prevent users from accessing mp3s in my uploads folder?
  3. How to proxy local WP uploads folder to live site
  4. How to rewrite WordPress uploads folder to another folder using htaccess
  5. How to protect media directory with .htaccess?
  6. Rewrite rule to load images from production does nothing
  7. Password protect any file in WordPress
  8. Redirect to another page using contact form 7? [closed]
  9. Deny access to uploads folder with exceptions
  10. Increase .htaccess file upload without prompting error
  11. Limit image upload to one and disable audio, video and other document file types to upload
  12. Media upload finished hook
  13. How can I batch delete all unattached images with WP-CLI or other automated process?
  14. How to add custom rewrite rule to .htaccess?
  15. How to wp_upload_bits() to a sub-folder?
  16. “Add Media” only shows “Full Size” under Attachment Display Settings
  17. Differentiate Featured Image from Post Images upon Upload
  18. Is it possible to trigger some JavaScript when Media Popup is opened?
  19. What permissions does wp-content/uploads need?
  20. wp_handle_upload() – how to upload to a custom subdirectory within uploads
  21. There’s a way to scale media (images) at 50%?
  22. How to Reduce the Maximum Upload File Size?
  23. Media Uploader: get deleted files
  24. How can I prevent uploading bmp image?
  25. how to upload mp3 from url to wp media
  26. How to get the image url in the input box from media library?
  27. Add file extension to temporary file
  28. Post Specific Uploader
  29. WordPress site stuck at 1MB for max file size
  30. Why “Store uploads in this folder” option is not showing in Media Settings in WordPress
  31. Custom rewrite rule
  32. Media upload via backend doen’t work after moving site
  33. Specified file failed upload test. Error When Uploading Image From Front-end
  34. Where is Featured Image code stored in WP?
  35. Allowing .exe uploads (old WPSE posts no longer work)
  36. different child theme for subdomain
  37. Thumbnails produce unwanted gray pixels on white background [closed]
  38. Is it safe to delete uploaded photos if Photon (Jetpack) is activated?
  39. How do I get allowed Media Library upload file extension list?
  40. Create rewriterules for different domains in htaccess file with WP multisite
  41. Is it possible to upload text files (e.g. JSON) to wordpress blog in any way? [closed]
  42. How to manage a big collection of files with wordpress?
  43. Use the WP media uploader dialog for uploading a form attachment (non-admin). Offering progress and drag and drop feedback
  44. using wp_insert_attachment() results in guids with file names different to the same file when uploaded via media page in admin
  45. Separate Uploads folder on other server
  46. How to disable plupload completely from latest wordpress 3.6 and make browser upload default
  47. Post processing of uploaded file
  48. What to write in the htaccess in order to detect browser language and point accordingly?
  49. REST API: upload media with advanced custom fields (ACF)
  50. Prevent a folder from being shown within the media library
  51. async_upload.php 500 Error when Uploading larger files with slow internet connection and latency
  52. Is It Possible to Upload Certain Attachment Files To A Remote Server
  53. Redirect Uploads Folder to Query Vars in WordPress
  54. After moving from complete AWS setup to a standalone WordPress Server, Media/Image Files are Broken
  55. custom url rewrite for wordpress
  56. Upload Button in meta box not opening library
  57. WordPress Media frame pre load images from ids
  58. How to allow logged out users to upload media?
  59. Customise particular RSS permalink
  60. File Upload from Frontend
  61. Easing the download of a regularly uploaded pdf
  62. Get all images in uploads directory and list them
  63. Upload mime types for ai illustrator file
  64. Is it possible to import all files from a uploads DIR into WP media, retaining paths to the files
  65. How to resize attachement
  66. How does WordPress decides how many sizes of an image to create?
  67. Big file upload give HTTP error
  68. Offload Media Library to other domain on a different server
  69. What functions of WP_Filesystem allow me to create a file with code-generated contents in a directory?
  70. Image upload to media library fails. Folder won’t create, database insert fail, XAMPP Windows
  71. Right way to download file from source to destination
  72. Dynamically determine the width and height of a image file to be cropped & uploaded AFTER form submission given fixed aspect ratio
  73. Incorrect filenames in load-scripts.php parameters
  74. wordpress upload permission on nginx & ubuntu
  75. How to change archieve frequency of the media file in uploads folder for wordpress blog
  76. Insert attachments from custom uploader into post (regular uploader style)
  77. How to download CSV from sub directory in uploads folder
  78. Blog suddenly can’t display .jpg
  79. Upload multiple files
  80. wordpress Do not show new image attachment in media
  81. 413 Request Entity Too Large nginx/1.18.0 (Ubuntu)
  82. Manipulate the files uploaded via Gravity Forms before they are stored
  83. Front-End Upload media with category
  84. Sanitizing existing media library paths and page links from foreign characters
  85. Cannot upload png photo files into media library. I get a ‘Could not insert post into the database’
  86. Do audio files impact the loading time of the website?
  87. Set default “Link CSS Class” in add media admin editor
  88. No Ones Been Able to Override my WordPress Rewrite Rule Issue!
  89. 45mb File Exceeds the Maximum Execution Time
  90. WP Capabilities to Add Media, Use Media, But Not Edit Them
  91. CSS updates appear after delay [closed]
  92. Why isn’t my enqueuing working properly?
  93. How do I allow family commenters to upload photos?
  94. Do I need FTP set up to upload files to wordpress server
  95. Problem uploading files, after changing domain name
  96. Unable to upload images using the Media Library
  97. Updating Media Library PDF’s in bulk
  98. WP-Include rewrite directory
  99. Assign multiple categories to Media Library upload
  100. Update media item using wordpress rest api in python