Wordpress: prevent navigating to files in content folder unless logged in - wordpress

So I'm working with an installation, and have files in my wp-content/uploads folder. I want to prevent people from navigating to it directly, or accessing it at all (including videos called in a podcast), unless they are logged into the site.
It this a simple htaccess thing? I'm not even sure where to start.

Add
Options All -Indexes
to your .htaccess file after the # END WordPress line.
It will prevent people from browsing your folders and display a forbidden message if they try. See:
http://catrabbit.com.au/wp-content/uploads/2010/10/
I misinterpreted the question. Sorry.
To clarify:
This stops everyone (logged in or otherwise) from browsing your folders. I'm not sure why do want to allow logged in users to browse the uploads folder in the first place...

Found a plugin to handle this:
http://wordpress.org/extend/plugins/private-files/

Related

Putting a custom directory inside wordpress

I have a simple HTML microsite, which I want to put inside my wordpress website. For example: Wordpress website is: abc.com
I want to put my microsite inside this wordpress site. So URL becomes:
abc.com/microsite/
But, wordpress treats any url as its own. How can put "abc.com/microsite/" urls to Wordpress Ignore list. So that any pages inside microsite folder executes independently.
just put you folder 'microsite' in root(Where you find wp-admin,wp-content and wp-include folder). and
you are able to access the folder
"abc.com/microsite/ by this url
If you are still having issues with accessing the subfolder, try renaming the .htaccess to .htaccess-bak in order for WordPress to regenerate the file again. Understand that your website might temporarily go down.
I've found this solution to help in some cases, but I don't know exactly why, ergo I am not sure it will work. And if you feel uncomfortable editing the .htaccess file I suggest you learn more about it (as should I). It is a very powerful file and WordPress uses it a good deal.
P.S. The file is located in the same folder, WordPress' root folder where you find /wp-admin/, /wp-content/, etc. It is hidden by some hosting providers, but I've always been able to find them through FTP with the hosting companies I've used before.

Only a wordpress group of user can access to a folder using .htaccess

I don't know a lot about .htaccess.
I have a web with Wordpress and I made a part private only for subscribers. I have installed a couple of Wordpress plugins to control the access to that page. The problem is that the "private" page links to a folder where I have a lot of .html pages. That is the folder I want to protect. I have used the http_refered in the .htaccess but I know it is very easy to hack it.
Is there any way to write in the .htaccess file a command that check the Wordpress user file and see if the user belongs to the "suscriber" group?
I suggest to protect the private page with password (this is common feature in Wordpress) and do not mess with the .htaccess file.
Anyhow, the is no way to tell the Apache (because the .htaccess is applied from it) that this or that user is registered or approved user. This can be done on different level - PHP and/or Wordpress logic.

Editing .htaccess without FTP access through Wordpress

I have no access to my FTP but I'm able to edit the web through Wordpress. Is there any way I could perhaps generate the .htaccess file through the admin framework? I know there might be a plugin to do that, but bear in mind I have no FTP access and the plugins require it to be installed.
I need the .htaccess file to redirect the user to another site.
I know this might strike you as weird and stupid, but this is due to the company's central decision to keep the site hosted by, I guess, a "friendly" hosting company. There's no way of recovering the login/password for FTP, so this might be the only solution.
Please, try posting constructive comments only, no "contact the hosting company". If I could, I would.
If your hosting company has set up wordpress correctly, then there is no way to do this, because unix permissions should make .htaccess read-only to the owner of the web server.
If the company has not done this, and if you have a way to change the templates, you might have success by creating a template that contains php code to open and write the .htaccess file.
Sample code to be put at the top of the header.php:
echo 'Current dir: ',getcwd(),"<br>\n";
if ($handle=opendir('.')) {
while (($file=readdir($handle))!==false) {
$ok=(is_writable($file) ? "ok" : "can't write");
echo "file '$file': $ok<br>\n";
}
closedir($handle);
}
This is to test you're in the root directory of your wordpress installation. It should give you the current directory, a list of all files in that directory (expect .htaccess, index.php, and various wp-* files), and their writability.
Once you've checked everything is correct, add
file_put_contents('.test', "RewriteEngine On\nRewriteRule ^(.*)$ site.com$1 [R=301,QSA,L]\n");
echo("<code><pre>-------- included file starts here\n");
include(".test");
echo("-------- included file ends here</pre></code>\n");
to the php code. This writes to a test file and includes it so you can check if everything is ok. When you've checked the file contents, replace .test with .htaccess.
WARNING: You should be VERY sure about the content of .htaccess. file_put_contents doesn't append the new string, it overwrites the whole file. Once you've written a bad .htaccess file, you might not be able to ever change it again, because the web server will redirect you to the new site instead of executing the script on the old site.
I am sorry for your situation. What is the hosting company (will keep this in mind if I ever use them). To try to help:
Do you have access to CPanel? Most hosting providers give it out of the box. Cpanel has a file manager.
Research Wordpress file managers (http://wordpress.org/plugins/wp-filemanager/)
How to edit wordpress .htaccess file from hosting Cpanel: If you are currently unable to login in your wordpress dashboard, or facing 500 internal server error. There is 90% possibility that you were editing your .htaccess file from your wordpress dashboard. In this situation you can only fix your wordpress .htaccess file by editing it from cpanel. Editing .htaccess file from wordpress dashboard is little risky with .htaccess editor plugins. If you will implement any wrong code then you might face 500 internal server error and your site might crush. So first you should take a backup of your existing .htaccess file before editing it. If you have a backup of your wordpress .htaccess file then you can upload it through your hosting cpanel also.
https://howtoways.com/how-to-edit-wordpress-htaccess-file-from-hosting-cpanel/

Clean URLs Broken after moving site to new host

I have copied an existing drupal 6 site to a new host. I thought it was an easy task. Just change the mysql login credentials and run. But obviously not. Fist page is up and runing, but all links to existing pages doesn't work.
What am I missing here? Another configuration I've missed.
The Drupal 6 installation is a NodeStream distibution.
Link to site:
http://u0002002.fsdata.se
It is likely that you forgot to set up mod_rewrite so the nice urls don't work.
It is almost certain mod_rewrite is not turned on you can access pages like this
http://u0002002.fsdata.se/?q=yrke-karriar
To resolve quickly:
Turn off clean urls (don't know the exact url in Drupal 6)
Flush all caches
This will resolve until you can get mod_rewrite turned on or working.
A very common (and even easier to fix) problem that happens when moving hosts is that you forget to include the .htaccess file which can cause problems with clean URLs too.
Fix: Upload a fresh copy of the .htaccess file that comes with Drupal to your web root directory.
I have found out that sometimes I miss this file. This is because I installed Drupal by dragging all the files and folders over to my server, but since the .htaccess file starts with a period, OS X hides it. This means that the .htaccess file was never moved over. - Source DrupalDude.com
And from Drupal.org directly, Clean URLs not working? Check your .htaccess file
Check if the .htaccess file was actually uploaded. It should be in the directory where you uploaded Drupal (for example: /public_html/drupal/)
If the .htaccess file is missing, you need to upload it. If you accidentally deleted this file, just download Drupal again, and copy the new .htaccess file.
Make sure the file is only called .htaccess and not htaccess.txt or anything else. The .period .at .the .beginning is required.
This name usually means that the file will be invisible on folder listings on Unix-based systems so you might not always see it. If using an FTP client, you may have to configure it to 'show hidden files'. If listing on the commandline, you must ls -la to see it. This will be somewhat dependent on your OS.
Here are two tutorials which may help you:
How to move a Drupal site from one host to another
How to Move a Drupal Site to a New Host Without Going Crazy

wp-admin and wp-login.php - 404 error for those who do not administrator (wordpress + htaccess)

I try to hide the traces as wordpress on my website for security reasons. Does anyone know how to create a rule using htaccess, according to which a third party user (with a different ip) redirected to on /404.php if he visits the wp-admin and wp-login.php ... I've seen third-party plug-ins (?) To address this problem, but I do not want to create an extra load on the CMS.
you can use simple redirect in .htaccess like this
Redirect 301/wp-admin/ http://www.yourwebsite.com/404.php
But if you're trying to completely hide wordpress it requires a little bit of technical work...what I did in mine, is search every files in the wp-include and wp-content folder as well as the root folder that contained the wp-login.php and /wp-admin/somefolder words, and change everything to a file or folder to a name of your choice that no-one can guess. Although you have to be very careful as not to change an important code there...

Resources