Limit file downloads to logged in users (WP + Nginx)

You could do it like this:

location ~ \.(mp3|m4a)$ {
  if ($http_cookie !~ "wordpress_logged_in") {
    return 403;
  }
}

If it is really matters that it is secured (as opposed to just not being “obviously” accessible by the general public), auth should probably also be checked since it’s quite easy to send the WP login cookie with the HTTP request, regardless of auth status.

Related Posts:

  1. How can I use environment variables in Nginx.conf
  2. “413 Request Entity Too Large” in Nginx with “client_max_body_size” set
  3. Nginx: Failed to start A high performance web server and a reverse proxy server
  4. NGINX: upstream timed out (110: Connection timed out) while reading response header from upstream
  5. How to fix nginx throws 400 bad request headers on any header testing tools?
  6. How to use NGINX as forward proxy for any requested location?
  7. “configuration file /etc/nginx/nginx.conf test failed”: How do I know why this happened?
  8. nginx – two subdomain configuration
  9. GeoIP.dat.gz and GeoLiteCity.dat.gz not longer available? Getting 404 trying to load it
  10. wp-json/ return 404, but wp-json/wp/v2/ works fine on my nginx server
  11. ERR_TOO_MANY_REDIRECTS status 302, how to configure NGINX locations to work with AWS ALB?
  12. NGINX conf on WP Multisite enabled — subdirectory — images fail to load after updates
  13. Configuring Routing Rules for WordPress+Nginx and WP-SuperCache?
  14. Installation failed: Could not create directory – CentOS 7
  15. REST API parameters not working with nginx
  16. Difference between these two nginx try_files statements for WordPress?
  17. How to test drive WordPress on VPS with LEMP stack before going live?
  18. Restrict uploaded files into a custom folder to logged in users by htaccess: looking for Nginx – not only Apache – solution
  19. nginx.conf appeared in all WordPress installations on folder
  20. nginx php-fpm, and auto updates?
  21. WordPress and nginx, download some pages instead of serving them
  22. nginx wordpress subdirectory Invalid post type
  23. Nginx + Redirection Plugin breaks Permalinks [closed]
  24. ERROR: No such service: nginx when building wordpress with docker [closed]
  25. Nginx tries the wrong file when http_cookie matches logged_in
  26. Site resolves to www in Firefox and without in Chrome
  27. WordPress Nginx Won’t 404
  28. WordPress file not found and 403 forbidden
  29. Correct regex for Nginx FastCGI cache?
  30. Random occurences of 502 Bad Gateway using WordPress and Nginx
  31. SSL via different domain & path with NGINX/PHP-FPM/WP
  32. /blog/wp-json/ nginx return 404
  33. WordPress with Photocrati Theme keeps resetting site URL – help solving underlying problem
  34. NGINX / WordPress Site – Increasing php.ini max_execution_time = 600 doesn’t work
  35. Nginx redirects to an extra subdirectory
  36. Something is injecting a slash after any static file response , server is nginx
  37. Custom permalinks not work on Nginx + Apache
  38. Last-Modified header is removed from server response!
  39. Do I need a DNS on a home network?
  40. 504 Gateway Time-out nginx/1.14.0 (Ubuntu)
  41. WordPress + Nginx (Lightsail) problem with ajax
  42. Restrict access if logged out except for homepage
  43. Can I do fragment caching with NGINX fastcgi?
  44. Proxy caching WordPress with Nginx
  45. How to configure nginx for wordpress
  46. Pagespeed Error in Nginx
  47. Rewrite old post images to https
  48. Varnish + Nginx for WordPress is Good?
  49. Must I install a plugin for Nginx object caching? [closed]
  50. Access denied unless I add trailing /
  51. Pages, aside from admin-side and the home page, read “500 Internal Server Error – nginx/1.1.19”.
  52. Nginx how to redirect index.php
  53. In Nginx, how can I rewrite all http requests to https while maintaining sub-domain?
  54. Why do I need Nginx and something like Gunicorn?
  55. Nginx reverse proxy + URL rewrite
  56. How can I see which flags Nginx was compiled with?
  57. How to force or redirect to SSL in nginx?
  58. How do I add Access-Control-Allow-Origin in NGINX?
  59. nginx HTTPS serving with same config as HTTP
  60. How to reply with 200 from Nginx, without serving a file?
  61. Nginx config reload without downtime
  62. How do you restart php-fpm?
  63. Nginx enable site command
  64. How to remove the path with an nginx proxy_pass
  65. How to output variable in nginx log for debugging
  66. Make nginx to pass hostname of the upstream when reverseproxying
  67. connect() failed (111: Connection refused) while connecting to upstream
  68. Can I hide all server / os info?
  69. Nginx 1 FastCGI sent in stderr: “Primary script unknown”
  70. Nginx: How do I forward an HTTP request to another port?
  71. Setting expires headers for static content served from nginx
  72. How to restart nginx?
  73. How to disable timeout for nginx?
  74. What does this nginx error “rewrite or internal redirection cycle” mean?
  75. How does try_files work?
  76. nginx – client request body is buffered to a temporary file
  77. Do you need separate IPv4 and IPv6 listen directives in nginx?
  78. an upstream response is buffered to a temporary file
  79. Disable caching when serving static files with Nginx (for development)
  80. How to make a modification take affect without restarting nginx?
  81. How to use nested Nginx location blocks (prefixes vs. regex directives)?
  82. Nginx Redirect via Proxy, Rewrite and Preserve URL
  83. Nginx – root versus alias, for serving single files?
  84. Why do I need nginx when I have uWSGI
  85. What’s the difference between the “mainline” and “stable” branches of nginx?
  86. Nginx redirect one path to another
  87. Remove “www” and redirect to “https” with nginx
  88. Loading WordPress Site Inside iframe won’t allow users to login
  89. Nginx error: client intended to send too large body
  90. Changing permalinks gives me 404 errors on nginx
  91. Mysterious HTTP 404 header in my own scripts
  92. Remove site root trailing slash
  93. Cannot update WordPress to 5.2
  94. A single category with a specific permalink structure differing from the standard set for the rest of the site
  95. Restrict content based on buy woocommerce product
  96. Multiple sites with pretty permalinks with nginx
  97. Setup another new subdomain root on top of multisite configuration
  98. How to Install WP to Subdomain but Serve on Subdirectory?
  99. Sudden Upload HTTP errors, PHP uploads and memory limits are already to high to my taste. Anything else?
  100. nginx + wordpress: Best practices for configuring it to be secure, reliable, and fast? [closed]