IT Nursery
  • 1010 Avenue of the Moon
    New York, NY 10018 US.
  • Mon - Sat 8.00 - 18.00
    Sunday: Closed
  • Get A Quote
  • WordPress

    • How to protect media directory with .htaccess?

    • IT Nursery
    • May 30, 2022
    • 0

    I am trying to protect the uploads directory with .htacess.

    But when I browse media section in admin panel, I see user/pass popup.
    My guess is, WordPress use fopen to find if the file exists. I found mod_rewrite rule allowing fopen but I can’t figure out how to use those rules with basic HTTP authentication. Any help is highly appreciated.

    following is the rewrite rules for allowing fopen:

    RewriteEngine On  
RewriteBase /

RewriteCond %{THE_REQUEST} ^.+$ [NC]  
RewriteRule .* - [F,L]

    2 Answers
    2

    # Only allow access to this directory if they are coming from your domain; excluding you, your server, Google and any other IPs
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^(xxx\.xxx\.xxx\.xxx|xxx\.xxx\xxx\.xxx|66\.249\.)
RewriteCond %{HTTP_HOST} !^(127\.0\.0\.0|localhost) [NC]
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?yourdomain\.com/ [NC]
RewriteRule .* http://yourdomain.com/ [L]

    That should help, I think

    Tags:

    Leave a Reply

    Your email address will not be published. Required fields are marked *