How to enforce authentication for all resources?

You should define which resources you want to protect. I think you have such choices:

1) Protect whole site

2) Protect only posts (without resources)

3) Protect posts & all resources (but only uploads, not wp-content! otherwise you will break your themes/plugins)

So, as you say you need 3rd way. In such case, you should use htaccess cookie-based redirection:

  • Create htaccess in wp-content/uploads which restricts access to all urls there for users who doesn’t have a cookie “cookie_name” set to value i.e. ‘xyz’:

    RewriteEngine On
    RewriteCond %{HTTP_COOKIE} !cookie_name=xyz; [NC]
    RewriteRule ^ https://your_site.com/authorization-page [NC,L]

  • Create authorization-page where should be a form to insert a password (set whatever you want) and if user correctly enters password, then set cookie cookie_name to xyz.

p.s. just replace xyz and cookie_name with very random characters.

Related Posts:

  1. How to Change the Default Home Page for the WordPress Dashboard?
  2. Continuous Login Sessions For Super Admins Across Multi-Site Network of Sites
  3. After upgrading to WP 5.1.1 sometimes I need to reauth infinitively
  4. What are the standard admin CSS id/class tags?
  5. Admin Ajax is returning 0
  6. Add custom column to Users admin panel
  7. wp_verify_nonce vs check_admin_referer
  8. Add a Separator to the Admin Menu?
  9. How to determine whether we are in add New page/post/CPT or in edit page/post/CPT in wordpress admin?
  10. how to know if admin is in edit page or post [duplicate]
  11. Modal window from within WordPress admin
  12. Where in WP can I check history or log of updates of plugins etc?
  13. Adding a custom admin page
  14. How does admin-ajax.php work?
  15. How to remove entire admin menu?
  16. How do I remove dashboard access from specific user roles?
  17. How can I speed up my WP admin section?
  18. How to pass parameters to admin_notices?
  19. Admin: very slow edit page caused by core meta query
  20. if admin is logged in
  21. Search posts by ID in admin
  22. Setting admin edit panels & metaboxes positions and visibility for ALL users and admins
  23. Find out which moderator approved comment?
  24. The website cannot display the page
  25. How To Remove WordPress Version From The Admin Footer
  26. Sort pages in loop by admin’s page attributes order field?
  27. Edit “thank you for creating with WordPress” in version 3.3.1
  28. Hide other users’ posts in admin panel
  29. Set Default Admin Colour For All Users
  30. Editor Styles and Typekit
  31. WordPress admin stylesheet
  32. This CSS Stuffing Works, But Is This A Good Practice?
  33. Is it possible to create a WordPress tour? V3.3.1
  34. Securing Admin Accounts – Username Discovery
  35. is_admin() returns true when using admin-ajax.php from front end script
  36. How to save dismissable notice state in WP 4.2?
  37. How do I optimize a custom post type admin page with 25,000 posts?
  38. Settings API – adding setting fields dynamically?
  39. Disable Media Uploads to non Admin Users
  40. How do I load a CSS style into WordPress admin area only?
  41. Allowing admin-ajax.php to receive “application/json” instead of “x-www-form-urlencoded”
  42. Can an admin check passwords of registered users?
  43. How can I target WordPress 3.8 new interface MP6 with CSS?
  44. Notification that the admin is online
  45. Does wordpress create activity, update logs?
  46. sort child pages on admin
  47. How-to make the admin area mobile friendly [closed]
  48. How to remove list view from media library?
  49. How to disable the “Your site has updated to WordPress x.y.z” admin email?
  50. Load plugin scripts and styles only on plugin page
  51. Plugin to remove Admin menu items based on user role?
  52. How to obtain the user ID of the current profile being edited in WP-Admin?
  53. 3.3: How do you hide the new dashboard welcome panel?
  54. Add my own button next to “Screen options” and “Help” in the admin
  55. WP List Table custom quick edit box – post meta data missing and columns change on submit
  56. Settings API – easiest way of validating checkboxes?
  57. Are there any action like ‘init_frontend’
  58. Should I use is_admin() inside ‘admin_init’ hook callback
  59. Custom admin email for new user registration
  60. Send Admin Emails to Multiple Email Addresses
  61. How do I set up the defualt page icon for admin menu?
  62. Prevent author from changing their posts if admin has modified
  63. Cannot access admin panel
  64. Make A WordPress Page Accessible To Admins Only, Redirect Other User Roles
  65. Disable all https in WordPress
  66. localhost/wp-admin on my local redirects to production site’s /wp-admin
  67. How to remove administrator role in settings -> general -> New User Default Role?
  68. Is there a more efficient admin search function/plugin?
  69. Can a users profile be put under the dashboard menu
  70. WordPress Admins or Roles per Page
  71. Styling Shortcodes in Visual Editor
  72. initial sort order for a sortable custom column in admin
  73. Showing WP_Error message with admin_notice action hook
  74. WordPress admin screen very slow / timing out when editing or adding a new page/custom post
  75. Uploading files in admin panel?
  76. turn off new user registration emails
  77. Redirect Admin User in Dashboard
  78. Send automatic mail to Admin when user/member changes/adds profile
  79. Create un-removeable user
  80. Get current active wp color scheme
  81. Read only capability for custom post in admin area
  82. WordPress Admin back-end – advanced options page?
  83. Cannot login to WordPress Admin with SSL terminated load balancer
  84. How can ‘admin_email’ be set?
  85. Set Featured Image programmatically (in admin) with JavaScript?
  86. Disable the post save process completely
  87. How can I log a user out of WordPress before the page loads?
  88. use add_settings_field properly?
  89. How to change WordPress default strings?
  90. How can we customize the logo and some text on the welcome screen?
  91. front end logo upload like happytables
  92. Can I set a default dashboard layout for all users?
  93. Allow admin login at /admin
  94. Is there a hook to put stylesheet and/or JS inside iframes (thickbox or tinyMCE) in admin area
  95. How to add filter in “Comments” at the admin panel?
  96. Thickbox hacking – removing fields
  97. How to show custom menu items in the WordPress android app?
  98. How to let authors revise other authors drafts, but keep them from publishing?
  99. Modify built-in post type properties
  100. How to fix admin stylesheet muck-up? [closed]
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)