Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • October 12, 2017 at 9:34 pm #863629
    med

    Hello Enfold,

    I need to forbid access to all PDF files that were uploaded through the standard Admin Backend -> Media -> Upload and therefore are laying in directories wp-content/uploads/[year]/[month]/

    So that if somebody calls an URL like http://example.com/wp-content/uploads/2017/05/file1.pdf he would be redirected to a No Access page Error 403 or to to the start page.
    In functions.php of my child theme I inserted the code: 

    
if(!function_exists('custom_rewrite_basic'))
{
    function custom_rewrite_basic() {
      add_rewrite_rule('wp-content/uploads/^.*\.(pdf)$', 'index.php', 'top');
    }
    add_action('init', 'custom_rewrite_basic');
}

    But for some reason this does not work and the URLs of PDFs are still accessible.

    October 13, 2017 at 4:08 pm #864031
    Victoria

    Hey med,

    Can you give us temporary admin access to your website in the private content box below, so that we can have a closer look?

    I think it’s better to do it via .htaccess.

    Best regards,
    Victoria

    • This reply was modified 7 years, 3 months ago by Victoria.
    October 13, 2017 at 8:34 pm #864144
    med

    I will be back at the office in a week and will send you an admin access.

    Concerning solution through the .htaccess file the problem is that WordPress constantly resets the .htaccess file with its standard block of directives, so the changes you make in the .htaccess will go lost quite quickly (e.g. when you refresh permalinks) and the reset of a modified .htaccess can even crash all your .htaccess.

    In WordPress the best and cleanest solution for doing rewrites is to use functions.php and native WP functions like the add_rewrite_rule function.

    Best regards

    October 15, 2017 at 12:53 am #864375
    Mike

    Hi,
    The # BEGIN WordPress and # END WordPress serve as markers used by WordPress in the .htaccess file, WordPress will only modify within these markers so adding rules outside these markers will not be touched.
    Prevent Hotlinking With A .htaccess File

    RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)example.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|flv|swf|xml|php|png|css|pdf)$ - [F]

    Replace example.com on line 3 with your own domain name.

    Best regards,
    Mike

    October 23, 2017 at 5:22 pm #867727
    med

    Hello,

    thanks for the script, it worked (at least for the last 20 min by now) when I put only one of the lines ( RewriteRule \.(pdf|…..), not all 4 lines after the marker “# END WordPress”.

    But I am still searching for a solution through child’s functions.php, because it is not good to write something outside of markers in .htaccess.
    WP itself and other plugins which are constantly writing into .htaccess could get confused by freely flying lines outside of markers and damage the htaccess.

    Best regards

    October 24, 2017 at 8:32 pm #868371
    Basilis

    Hi,

    There will be no confusion at all.
    In any case, you can disable MIME Types into WordPress

    function my_myme_types($mime_types){
    unset($mime_types['pdf']); //Removing the pdf extension
    return $mime_types;
}
add_filter('upload_mimes', 'my_myme_types', 1, 1);

    Let us know if anything else is needed

    Best regards,
    Basilis

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.