Our PDA Lite version offers the following features: Protect Unlimited WordPress Media Library File Uploads An Inside Look at Prevent Direct Access (PDA) Gold You’ll be able to protect your private files in no time. We’ve created an intuitive user interface directly in your Media Library. Note I whipped this up pretty quick so there are definitely improvements that can be made.Prevent Direct Access (PDA) offers a simple solution to protect your WordPress files as well as prevent Google, other search engines and unwanted users from indexing and stealing your hard-to-produce ebooks, documents, and videos. I'd welcome any comments or improvements on this. This strikes a good balance between security, performance, and ease of install I think. Like many, I was not happy with the concept that private files are unprotected in the file manager if someone knows the URL. Hopefully this solution helps some people. htaccess rules, even if you add it to the restricted group. It will NOT protect any filetype that is not specified in your. This will slow down the performance of these types of files as you are introducing PHP and some DB queries, but won't affect the speed of images which is the bigger concern. The net result is that you can protect PDF and DOC files that belong to a particular set, even if someone knows the URL. If it doesn't belong to that set, or if you are an administrator, then it serves the file to the browser. If it is, then you get an error message instead of the file. It then looks for the sets the file belongs to and sees if it's in the 'Restricted' set. This is slightly hacky as there is no C5 method for looking up a file by URL (AFAIK). The controller looks in the database for test.pdf and finds the correct one if there are several. When someone requests a file - eg /files/1234/5678/9012/test.pdf Apache will pass that request to the file_access.php controller instead of serving direct. Then go to sitemap and set the attributes so it doesn't show on the menu or in the sitemap etc. Go to the dashboard and add a single page caled "file_access". Then you need to upload a stub into the single_pages folder (file_access.php again). Then you need to upload file_access.php into the controllers folder. This is a controller that we pass all PDF and DOC requests through, it will check permissions before serving the file. RewriteRule ^files/(. \.docx)$ file_access/$1 RewriteRule ^files/(. \.doc)$ file_access/$1 RewriteRule ^files/(. \.pdf)$ file_access/$1 We block direct access to these filetypes via. Is to assign all PDF and DOC files that you want protected to a particular file set - eg "Restricted". DOC files to only C5 users how have permission, however you can easily add or omit any other filetypes Step 1, In his example he has chosen to block all. This method/example was written and provided by user Sadu You do not need to move your files for this type of protection. htaccess then write a php controller for C5 to have permission to serve the file. htaccess a bit further and block all files of a specific filetype from being served outside of C5 and restrict only to users who have permission. RewriteCond % !^ RewriteRule\.(gif|jpg|jpeg|bmp|zip|rar|mp3|flv|swf|xml|php|png|css|pdf)$-īlock any file type unless concrete5 asks for it This method prevents hot-linking of specific filetypes this means the direct url to all files of the same type will only work if the user is on a site you allow through HTTP_REFERER this is a very broad approach RewriteEngine on Another way to protect your url's is though editing your.
0 Comments
Leave a Reply. |