You should define which resources you want to protect. I think you have such choices:
1) Protect whole site
2) Protect only posts (without resources)
3) Protect posts & all resources (but only uploads
, not wp-content
! otherwise you will break your themes/plugins)
So, as you say you need 3rd way. In such case, you should use htaccess
cookie-based redirection:
-
Create
htaccess
inwp-content/uploads
which restricts access to all urls there for users who doesn’t have a cookie “cookie_name” set to value i.e. ‘xyz’:RewriteEngine On
RewriteCond %{HTTP_COOKIE} !cookie_name=xyz; [NC]
RewriteRule ^ https://your_site.com/authorization-page [NC,L] -
Create
authorization-page
where should be a form to insert a password (set whatever you want) and if user correctly enters password, then set cookiecookie_name
toxyz
.
p.s. just replace xyz
and cookie_name
with very random characters.