• Hello,

    I have a question regarding a plugin I am developing for someone. My plugin generates PDF forms based on input from public-facing forms and then stores the forms on the backend. Right now I am storing the generated files under wp-content/plugins/myplugin/admin/a_folder. I am able to view the PDFs while not logged in if I know the filename. Directory browsing is turned off and I have placed a .htaccess file under the plugin/admin folder, but I am still able to see the files.

    Is there anything I can use with WordPress to make sure a user is logged in as admin before viewing these files?

    • This topic was modified 6 years, 4 months ago by Jan Dembowski. Reason: Moved to Fixing WordPress, this is not a Developing with WordPress topic
Viewing 2 replies - 1 through 2 (of 2 total)
  • Firstly, if you’re going to distribute that plugin, don’t store the files there! Any time that the plugin is updated, WordPress removes all files and folders in the plugins directory – and that would include all of your generated PDFs. The best thing is to store them under the /uploads/ folder with your own folder name.

    As for viewing, that’s a little harder. You can set up the .htaccess file, but that will only block directory listings and not file access.

    To do it the right way (in my opinion at least) you should set up the .htaccess file to disallow ALL access, so no one can view anything at all in that folder. Then create a script that checks the logged-in user’s ID or credentials or whatever other criteria you need to work on, and have that script read and pass through the PDF file to the user. That way the files are secure and can’t be read by anyone just looking.
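
The deny-all folder plus pass-through script described in this reply could look like the following. This is an added example, not part of the original thread or of any existing plugin. The folder name `myplugin-pdfs`, the action name `myplugin_get_pdf`, the function names, and the use of the `manage_options` capability as the "is admin" check are all assumptions.

```php
<?php
// Added example with hypothetical names. The storage folder
// wp-content/uploads/myplugin-pdfs/ is assumed to contain an .htaccess that
// refuses every direct request (Apache 2.4 syntax: "Require all denied"),
// so this handler is the only way to reach the files over HTTP.
defined( 'ABSPATH' ) || exit;

define( 'MYPLUGIN_PDF_DIR', 'myplugin-pdfs' ); // hypothetical folder under uploads

// admin_post_{action} fires only for logged-in users. No admin_post_nopriv_
// hook is registered, so anonymous requests never reach the handler.
add_action( 'admin_post_myplugin_get_pdf', 'myplugin_serve_pdf' );

function myplugin_serve_pdf() {
	// 1. Authorisation: being logged in is not enough, require an administrator.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'You are not allowed to view this file.', 'Forbidden', array( 'response' => 403 ) );
	}

	// 2. Reduce the request to a bare file name and accept only .pdf.
	$requested = isset( $_GET['file'] ) ? wp_unslash( $_GET['file'] ) : '';
	$name      = sanitize_file_name( basename( $requested ) );
	if ( '' === $name || 'pdf' !== strtolower( pathinfo( $name, PATHINFO_EXTENSION ) ) ) {
		wp_die( 'Invalid file name.', 'Bad request', array( 'response' => 400 ) );
	}

	// 3. Resolve symlinks and confirm the file really sits inside the PDF folder.
	$uploads = wp_upload_dir();
	$base    = realpath( trailingslashit( $uploads['basedir'] ) . MYPLUGIN_PDF_DIR );
	$path    = $base ? realpath( $base . DIRECTORY_SEPARATOR . $name ) : false;
	if ( ! $path || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) || ! is_file( $path ) ) {
		wp_die( 'File not found.', 'Not found', array( 'response' => 404 ) );
	}

	// 4. Pass the file through without letting browsers or proxies cache it.
	nocache_headers();
	header( 'Content-Type: application/pdf' );
	header( 'Content-Disposition: inline; filename="' . $name . '"' );
	header( 'Content-Length: ' . filesize( $path ) );
	header( 'X-Content-Type-Options: nosniff' );
	readfile( $path );
	exit;
}

// Builds the link an admin screen would use instead of the file's direct URL.
function myplugin_pdf_url( $filename ) {
	$args = array( 'action' => 'myplugin_get_pdf', 'file' => rawurlencode( $filename ) );
	return add_query_arg( $args, admin_url( 'admin-post.php' ) );
}
```

Requesting a PDF's direct URL under the uploads folder should then return 403 from the web server, while the `admin-post.php` link serves it only to a logged-in administrator.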

    Thread Starter apflwpott

    (@apflwpott)

    Noted on the separated uploads folder.

    I’ll look at using a separate script just to lock down the files… might be the best way to go.

    Thank you for your response.


The topic ‘Hiding Files’ is closed to new replies.