Reputation: 379
I have launched a WordPress site for a private group of people. This site serves as a public representational site, but also they make "posts" with "Private" checked, so only logged-in users can see those posts. Everything would be OK, but they also upload image/document files and attach/include them to private or public posts. All is OK with public posts, but when the file is used in a private post, we assume the file is confidential. But here WordPress allows accessing any uploaded file directly via a link (URL), even if you're not logged in to the site from the browser.
I tried searching but can't find something that would actually work. Even FB private groups have this file access restriction for outsiders, GitLab also has permissions, where if you are not in a project, you can't access ANYTHING that's there. It seems like if I used WordPress/Joomla/Drupal, it would be hacking/messing around to achieve what I want.
Do you have any suggestions, maybe to access uploaded files through WordPress (PHP) and not directly via web server, so via PHP I could make some SQL queries and check in what posts that file is included and whether the user is logged in? Also maybe there are some plugins that do exactly that?
P.S. I wouldn't be asking if I knew WordPress in-and-out, but in this case, I just launched it more or less.
Upvotes: 2
Views: 739
Reputation: 111
One option to fix this problem is to store the file contents in the database as a blob. This could be problematic if the files are large; however, as you predicted, you can ensure that the recipient is authorised before delivering the content. Another option might be to move the file when the post is saved so that it can't be accessed directly at the HTTP endpoint.
In either of these cases, you might then use .htaccess to redirect any GET requests for files within that directory to a new PHP file that delivers the content. You can check to see if the user is logged in before delivery using a standard WordPress function, and/or pull the content out of the database on the fly. These options require custom code to achieve.
(Is the file being checked for malign content, and the filename being changed to something non-deterministic, by the way? This is a vector for attack.)
If you don't wish to code, you might consider a parallel installation of ownCloud or NextCloud and then in the private post, your users place a link to the file within the other service. Both of these applications provide a number of different clients for various devices, as well as the ability to restrict access to specific groups and users.
Upvotes: 1
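Added example, not part of the original answer or of WordPress itself: a sketch of the rewrite-to-PHP approach described above, where the handler checks the login state before streaming the file. The file name `protected-file.php`, the `private` uploads subdirectory and the rewrite rule are assumptions, and the rule only applies on Apache with mod_rewrite enabled; the check is "any logged-in user", not per-post membership.

```php
<?php
/**
 * protected-file.php (hypothetical name), placed in the WordPress root.
 * Assumes private attachments are stored in wp-content/uploads/private/
 * (hypothetical directory) and that this directory's .htaccess contains:
 *
 *   RewriteEngine On
 *   RewriteRule ^(.*)$ /protected-file.php?file=$1 [L]
 */
require __DIR__ . '/wp-load.php'; // bootstrap WordPress so its auth functions exist

// Anonymous visitors never reach the file; send them to the login page.
if ( ! is_user_logged_in() ) {
    auth_redirect(); // redirects to wp-login.php and exits
}

$uploads = wp_upload_dir();
$base    = realpath( $uploads['basedir'] . '/private' );
$request = isset( $_GET['file'] ) ? wp_unslash( $_GET['file'] ) : '';
$path    = $base ? realpath( $base . '/' . $request ) : false;

// realpath() resolves "../" and symlinks; the result must stay inside $base.
if ( ! $path || strpos( $path, $base . DIRECTORY_SEPARATOR ) !== 0 || ! is_file( $path ) ) {
    status_header( 404 );
    exit;
}

// Only serve file types that WordPress itself accepts as uploads.
$type = wp_check_filetype( $path );
if ( ! $type['type'] ) {
    status_header( 403 );
    exit;
}

// Drop any output buffers so large files are streamed, not held in memory.
while ( ob_get_level() ) {
    ob_end_clean();
}

nocache_headers(); // keep shared caches from storing confidential files
header( 'Content-Type: ' . $type['type'] );
header( 'Content-Length: ' . filesize( $path ) );
header( 'X-Content-Type-Options: nosniff' ); // stop browsers re-guessing the type
readfile( $path );
exit;
```

Files that remain anywhere else under the uploads directory stay directly reachable, so the protection depends on private attachments actually being stored in the rewritten directory.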