• Resolved Nik

    (@nikbond)


    Hi there

    I want to prevent non members from accessing files directly eg. https://mysite.com/wp-content/uploads/2018/04/mypic.jpg.

    I am attempting to use the Media Protection add-on but it is not working as expected!

    Using “Mask download URL” (any of the 3 options) doesn’t seem to protect anything at all.

    Activating “Advanced Media Protection” seems to block the whole site from non-members ie. even the front page returns a 404 error. (Note: under the setting “Protect uploaded files” I removed all file extensions since I don’t want direct access to any of them.)

    De-activating the above and activating “Protect Individual Media Files” causes the front page (which should be accessible to everyone) to show a “No access” message, and yet doesn’t protect files such as https://mysite.com/wp-content/uploads/2018/04/mypic.jpg despite having put specific protection on that page!

    Obviously I have tried clearing the cache/refreshing permalinks after each test but it makes no difference.

    I’m using the free version of Membership 2. Does this level of protection even work on that basis? I’m really confused because the results I’m getting seem to make no sense at all!

    Please can you help?

    With many thanks in advance.
    Nik

    PS. Site is not live so sorry I can’t give you access.

Viewing 1 replies (of 1 total)
  • Plugin Support Dimitris – WPMU DEV Support

    (@wpmudev-support6)

    Hello there @nikbond,

    hope you’re doing good and thanks for reaching us! 🙂

    I just made some further tests on this addon to double check it. Please keep in mind that for my tests I used a local testing website from Local by Flywheel, with latest WP version and TwentySeventeen theme.

    Using “Mask download URL” (any of the 3 options) doesn’t seem to protect anything at all.

    The masking isn’t about protecting the original URLs, but is meant to mask/change any image links with the masking option selected. So for example, instead of having links in your pages like
    http://yourdomain.com/uploads/2018/04/my-image.jpg
    you will have something like (depending on the option you select)
    http://yourdomain.com/downloads/?ms_file=ms_12345.jpg

    Advanced Media Protection is the only way to protect direct access of original URLs, like http://yourdomain.com/uploads/2018/04/my-image.jpg. I’ve tested that and it seems that it works just fine, as the server was returning a 403 forbidden message instead.

    As you don’t experience the same, and there’s no other plugin that could conflict with this, I’d rather advise to:
    a) Check /wp-content/uploads/.htaccess file content, it should have this in place:

    ## Membership 2 - Media Protection ##
    Options -Indexes
    Deny from all
    <FilesMatch '\.()$'>
    Order Allow,Deny
    Allow from all
    </FilesMatch>
    ## Membership 2 - End ##

    b) Check .htaccess in root folder and any other in /wp-content/, just in case there’re any other similar rules that could conflict with these.
    c) If none of the above helps, please contact your hosting provider about it, as it should be something else in the server level that overrides that.

    Protect Individual Media Files option can protect the attachment page (you can see it from here) and the masked URL, not the original URL.

    Warm regards,
    Dimitris
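
An added example, not part of the original thread or the plugin's code: a small Python check for step a) that parses the Membership 2 block out of an uploads `.htaccess` and reports whether a direct request for a given file name would pass it. The sample input is constructed from the block quoted in the reply, Python's `re` stands in for Apache's regex engine, and other `.htaccess` files or server-level configuration (steps b and c) are not modelled.

```python
import re

BEGIN = "## Membership 2 - Media Protection ##"   # markers as quoted in the reply
END = "## Membership 2 - End ##"

# Constructed sample input: the block from the reply, with an empty extension list.
SAMPLE = r"""
## Membership 2 - Media Protection ##
Options -Indexes
Deny from all
<FilesMatch '\.()$'>
Order Allow,Deny
Allow from all
</FilesMatch>
## Membership 2 - End ##
"""

def audit_block(htaccess_text):
    """Parse the Membership 2 block; return None when the markers are missing."""
    lines = [ln.strip() for ln in htaccess_text.splitlines()]
    if BEGIN not in lines or END not in lines:
        return None
    block = lines[lines.index(BEGIN) + 1:lines.index(END)]
    deny_all, allow_patterns, current = False, [], None
    for ln in block:
        m = re.match(r"<FilesMatch\s+['\"]?(.+?)['\"]?>$", ln, re.I)
        if m:
            current = m.group(1)              # regex of the open <FilesMatch>
        elif ln.lower() == "</filesmatch>":
            current = None
        elif ln.lower() == "deny from all" and current is None:
            deny_all = True                   # blanket deny for the directory
        elif ln.lower() == "allow from all" and current is not None:
            allow_patterns.append(current)    # extensions exempted from the deny
    return {"deny_all": deny_all, "allow_patterns": allow_patterns}

def direct_access_allowed(report, filename):
    """Approximate verdict for a direct request to `filename` in uploads/."""
    if report is None or not report["deny_all"]:
        return True                           # nothing in this block denies it
    return any(re.search(p, filename) for p in report["allow_patterns"])

if __name__ == "__main__":
    report = audit_block(SAMPLE)
    print(report, direct_access_allowed(report, "mypic.jpg"))
```

With the empty extension list the exemption regex matches no ordinary file name, so every direct request falls under the blanket deny; a missing block means the file is not protected by this rule set at all.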


The topic ‘Media Protection’ is closed to new replies.