Securing uploads

  • Resolved d541763

    (@d541763)


    5 years, 6 months ago

    Hello team, I’ve searched for topics related to this and read the FAQ but cannot see it mentioned – does Authorizer provide any facility for managing access to uploaded assets?

    Can assets be uploaded for authorised persons to view/download only, and is that any different for Multisite, where the same assets is (normally) accessible at URLs related to ANY (multi)site in the system?

    Thanks for your time,
    Anthony

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Paul Ryan

    (@figureone)

    5 years, 6 months ago

    It’s not something that Authorizer can control (since your web server will serve static files directly, instead of routing the request through WordPress’s index.php entry point).

    That said, we’ve implemented something similar on some of our sites. Basically, you instruct the web server to redirect /wp-content/uploads URLs to a custom endpoint, and then check for that endpoint in WordPress and do a permissions check before serving the file to the client in PHP.

    Details are here (we describe Apache, but you should be able to do it for any web server):
    https://ww.wp.xz.cn/support/topic/secure-folders-in-wordpress-root/

    Thread Starter d541763

    (@d541763)

    5 years, 6 months ago

    Thank you for the detailed response, and the for the pointer to a possible solution – for some reason my searches on ‘assets’ and ‘uploads’ did not surface that post previously.

    Kind regards,
    Anthony

    Plugin Author Paul Ryan

    (@figureone)

    5 years, 6 months ago

    Not a problem! It was buried in there and I just happened to recall writing it. I stickied the post so hopefully it’s easier for the next person to find.

    Good luck getting everything set up.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Securing uploads’ is closed to new replies.