Deny http access to a directory, allow access from WordPress plugin
- by luke
Hey. I need to prevent direct access to http://www.site.com/wp-content/uploads/folder/something.pdf through the browser.
However the Download Monitor plugin I am using, which allows logged in users to download the file, needs to be able to work.
Trying
Order Allow,Deny
Deny from all
Allow from all
but the download links do not now work... even though (I think) they are links produced by the script e.g.
http://www.site.com/wp-content/plugins/download-monitor/download.php?id=something.pdf
Enter that in the address bar and you correctly get a WordPress message, 'You must be logged in to download this file.'
However, if someone knows the URL where the file was uploaded
http://www.site.com/wp-content/uploads/folder/something.pdf
they can still access it directly.
I don't know how (guesswork?) they would find the direct URL anyway, but the client wants it stopped!
Thanks for any help.