Block Wordpress media folder

[Ally]

The website that I have is Wordpress based and its hosted on a Litespeed/apache server.

I am looking to block the WP media library folder so that any user that is not logged in cannot access any file or share that file outside of Wordpress, the website is also using Cloudfare and cache is switched off.

For the htaccess file i have the following code added but so far zero luck.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} wp-content/uploads/(.*)$
RewriteCond %{REQUEST_URI} !\.(css|js|php)$
RewriteRule . /index.php?aam-media=1 [L]
</IfModule>

Any idea of how to get this to work?

 

[serpent_driver]

Try this:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP:Cookie} !wordpress_logged_in_ [NC]
    RewriteCond %{REQUEST_URI} ^/wp-content/uploads/([0-9]{4}/[0-9]{2}/.*\.(jpg|jpeg|png|gif|bmp|webp))$ [NC]
    RewriteRule . /index.php?aam-media=1 [L]
</IfModule>

Notice: You should use a placeholder image instead of redirecting to a WP page (index.php?aam-media=1), otherwise the URL defined in the <img> tag will point to a WP page and generate an error for each image.

 

[vnet]

You can try this plugin https://wordpress.org/plugins/prevent-direct-access/

 

[serpent_driver]

You can try this plugin https://wordpress.org/plugins/prevent-direct-access/

You don't need an extra plugin for every little thing. Every additional plugin just makes your site slower. Apache and LiteSpeed provide you with everything you need with just a few lines of code.

 

[vnet]

You don't need an extra plugin for every little thing. Every additional plugin just makes your site slower. Apache and LiteSpeed provide you with everything you need with just a few lines of code.

I know that. This is just advice with additional options for this issue, to have more choices and be more suitable.

 

[serpent_driver]

I know that. This is just advice with additional options for this issue, to have more choices and be more suitable.

However, you are encouraging other users to install even more plugins. It may be convenient to be able to solve a problem with a plugin, but as already mentioned, every additional plugin creates new problems that would not have existed without the additional plugin being installed. A lot of WordPress (performance) problems are caused by too many plugins.