Pantheon Community

Is there a way, with a WordPress site on Pantheon, to force login when accessing assets in the uploads directory?

Is there a way, with a Wordpress site on Pantheon, to force login when accessing assets (images, videos, etc…) in the uploads directory?

I have it forcing login on the entire site now, but images and videos are still accessible directly without login.

Asked by Matt Webb.

1 Like

Matt,
When someone requests a file (e.g., video from the WP uploads file), the web server responds by sending the user that file. The web server doesn’t even need to ask the CMS what to do, because the requested URL is just a static asset.

What you’re looking for is called something like “private files” (or at least in Drupal it is). This article may point you in the right direction from a WP perspective: https://tech-tamer.com/how-to-keep-an-uploaded-file-private-in-wordpress/

Just remember that you can’t change the server config on Pantheon, so if a plugin asks you to add, e.g., a rewrite rule to .htaccess file, that won’t work.

Good luck!
-Chris

Hi Matt,

The Wordpress Download Manager plugin may be a good option for what you’re trying to do. It has a couple of options for securing files using cloud storage services like Dropbox & Amazon S3. Inside the site it generates a temporary download link when a user hits the download button, one that isn’t usable via direct url. This is a good option when you can’t modify .htaccess files.

Here’s a good list of other download management plugins that may fit your needs.