How to make media upload private? [duplicate]

Searching this Stack, I can see two possible solutions for this question (not tested).

One

The answer is not fully developed, but can provide some insight.
Restricting access to files within a specific folder

Two

How to Protect Uploads, if User is not Logged In?
Frank Bueltge’s answer seems interesting but the code is quite complex. As he himself admits his english is nasty, but I can assure his coding skills are superb 🙂

And the answer provided by hakre could be operational:

  • Protecting one or more folders inside /wp-content/uploads/ through .htaccess as detailed there.
  • Moving the desired files to this upload folders according to User or Post-ID, and for that the answer I provide to this question should do it. And, with the examples provided, maybe you can think of other kind of filtering.

Related Posts:

  1. What security concerns should I have when setting FS_METHOD to “direct” in wp-config?
  2. What Are Security Best Practices for WordPress Plugins and Themes? [closed]
  3. Are WordPress Plugins essential?
  4. I found this in a plugin. What does it do? is it dangerous?
  5. What are the common security flaws I need to look for? [closed]
  6. What could a hacker do with my wp-config.php
  7. Why “Contact Form 7” doesn’t update PHPmailer library?
  8. Secure WordPress paid plugin
  9. Does WordPress contain “default” anti-SQL injection code that responds with a 404 error?
  10. What does a security risk in a plugin look like?
  11. WordPress Capabilities: edit_user vs edit_users
  12. How to check plugins for malicious code?
  13. How to properly secure my WordPress installation?
  14. Where should my plugin POST to?
  15. Security error WP 4.0 + WP phpBB Bridge [closed]
  16. Why am I sometimes getting a 404 error when I try to update a page with Elementor?
  17. Should I use RIPS tool to test my themes and plugins?
  18. Why users disable the WordPress update?
  19. How many security plugins are too many? [closed]
  20. Will WordPress username displayed somewhere in the site?
  21. Upgrading WordPress 4.0 asks for FTP password
  22. Is revealing just the AUTH_KEY a security issue?
  23. How Restrict access to admin dashboard by specific static ip?
  24. Protecting against malicious code in WordPress plugin updates
  25. Questions about brute force attacks on the admin username, coming from amazon IP addresses
  26. Why Better WP security plugin returns 418 I’m a Teapot “error”?
  27. How to expire all wordpress user passwords instantly?
  28. How to limit WordPress pages during updates?
  29. rms_unique_wp_mu_pl_fl_nm.php
  30. Security issues with WP sites
  31. Security checking in meta_box save is reluctant?
  32. Should you escape hardcoded URLs?
  33. Preventing BFA in WordPress without using a plugin
  34. How To Clean The Malware Infected & Hacked WordPress Websites? [duplicate]
  35. How to delete Passwrd Protected posts cookies when a user logged out from the site
  36. The safest way to automate WordPress backups
  37. wp_create_nonce function doesn’t work inside a plugin?
  38. Does WordPress validate inputs to all functions? (such as get_user_meta and insert_user_meta)
  39. Upgraded to latest version – 3.0.3 and Now I get a “sufficient permissions to access this page” error
  40. Headers Content-Security-Policy CSP Major Issue
  41. How to block plugin activations with no known user or coming from unknown IP address range?
  42. Nonce failing on form submission
  43. Check for security updates
  44. Standard Fail2Ban vs. WP Fail2ban vs. WP Fail2Ban Redux
  45. Malicious File Upload [closed]
  46. Malware installation during plugin update?
  47. Hack-Proof OR Security in WordPress — is it real?
  48. I should enable automatic updates?
  49. Can some vulnerabilities in plugins be exploited even when the plugin is inactive?
  50. Security and Must Use Plugins
  51. Is Timthumb still broken? What security measures should be taken?
  52. Is it safe to use admin-ajax.php in the frontend?
  53. How to protect WordPress from security scanner [closed]
  54. Specific way to allow WordPress users to view their current password? And edit it?
  55. Too many login attempts
  56. How to prevent plugins from sniffing/stealing other plugins’ options?
  57. Website show Google Ads when we have no Google Ads linked to our website
  58. Vulnerability Concern From the Plugin or From Not Updating the Plugin?
  59. Chrome Dev Tools console says every page in my blog has link to http://maps.google.com [closed]
  60. Webservice credential storage [duplicate]
  61. Regarding plugin security
  62. How do I determine if the user who registered is not spam?
  63. If I use an alternative login (e.g. CAS or other SSO) plugin, is my site protected from the recent brute force login attempts?
  64. Is this plugin safe to run?
  65. Is the Block Bad Queries Plugin Still Relevant?
  66. WP Insert Post If user refreshes override new post
  67. 404 errors when updating options in admin dashboard
  68. Website Captcha Error: The reCAPTCHA wasn’t entered correctly
  69. WordPress search shows protected content
  70. Can I disable xml-rpc by setting it to false?
  71. How can I disable new plugin and theme install, but allow updates?
  72. Help to Create a Simple Plugin to make a post
  73. Validating ajax search
  74. Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
  75. WordPress disable direct access of files in WordPress installation path
  76. Asking help regarding potential malware
  77. Bing/msn bots is heavily requesting random of my website
  78. “Fire Secure” menu item
  79. https rewrite not working for All in one security Brute force > rename login url
  80. Redux framework somehow added to my site, can’t locate in plugins
  81. Being hacked. Is there a list of WordPress security holes I can check against?
  82. wp_verify_nonce fails always
  83. Write mysql credentials in plugin
  84. Validating values using Settings API?
  85. SWF in wordpress post
  86. Unwanted Links and Spam WordPress Pages and Posts
  87. Problem with permissions in wp-content/plugins
  88. File permissions for wp-minify plugin
  89. What is the recommended way to be notified of security updates to my plugins? [closed]
  90. My WP site and password was hacked, what to do? [closed]
  91. How to resolve these findings from security audit
  92. How I can hide my wp folders from Inspect Element (Developer Tools)
  93. How to Find WordPress site has backdoor login Codes
  94. How to rename files during upload to a random string?
  95. WordPress User Registration/ Sign Up -> Able to take Paid Certification Courses & keep track of Completed Certificates
  96. Block Root REST API Route using custom &/or iThemes
  97. Is it a good idea to restrict the REST API
  98. WordPress.Security.NonceVerification.Recommended
  99. Secure way to add JS Script to WordPress filesystem
  100. How to verify/test that a custom built wordpress theme is as secure as possible?

Leave a Comment