How to Protect Uploads, if User is not Logged In?
Only checking if the cookie exists, is not much of a strict protection. To get a stronger protection, you can pass or “proxy” all requests to the uploaded folder (exemplary uploads in the following example) through a php script: RewriteCond %{REQUEST_FILENAME} -s RewriteRule ^wp-content/uploads/(.*)$ dl-file.php?file=$1 [QSA,L] All requests to uploaded files (which includes images in … Read more