I am trying to protect the uploads directory with .htaccess.
But when I browse the media section in the admin panel, I see a user/pass popup.
My guess is that WordPress uses fopen to find out if the file exists. I found a mod_rewrite rule allowing fopen, but I can't figure out how to use those rules with basic HTTP authentication. Any help is highly appreciated.
The following are the rewrite rules for allowing fopen:
RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^.+$ [NC]
RewriteRule .* - [F,L]
2 Answers
# Only allow access to this directory if they are coming from your domain; excluding you, your server, Google and any other IPs
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^(xxx\.xxx\.xxx\.xxx|xxx\.xxx\.xxx\.xxx|66\.249\.)
RewriteCond %{HTTP_HOST} !^(127\.0\.0\.1|localhost) [NC]
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?yourdomain\.com/ [NC]
RewriteRule .* http://yourdomain.com/ [L]
That should help, I think.
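
Added example, not part of either post above: one way to keep HTTP Basic authentication on the uploads directory while exempting specific client addresses from the password prompt, assuming Apache 2.4 (mod_authz_core). The password file path and the 203.0.113.x / 198.51.100.x addresses are placeholders.

```apache
# wp-content/uploads/.htaccess  (added example; Apache 2.4 syntax)
# Paths and IP addresses below are placeholders, not values from the posts.

AuthType Basic
AuthName "Uploads"
# Keep the password file outside the web root.
AuthUserFile /path/to/.htpasswd

# Access is granted if ANY one of these is satisfied, so listed addresses
# skip the password prompt and everyone else must authenticate.
<RequireAny>
    # Requests the server makes to itself over loopback
    Require ip 127.0.0.1 ::1
    # The server's own public address (placeholder)
    Require ip 203.0.113.10
    # The administrator's workstation (placeholder)
    Require ip 198.51.100.25
    # Anyone else needs a valid login from AuthUserFile
    Require valid-user
</RequireAny>

# The exemption keys on the client address rather than the Referer header,
# because the Referer is supplied by the client and is not an identity check.

# Apache 2.2 equivalent of the block above:
#   Order deny,allow
#   Deny from all
#   Allow from 127.0.0.1 203.0.113.10 198.51.100.25
#   Require valid-user
#   Satisfy Any
```

Basic credentials are only base64-encoded on the wire, so serve the protected directory over HTTPS.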