Require login for the WordPress Media Folder


Please note that while this solution is designed to work across all systems, there may be specific circumstances where it does not function as expected on your setup.

Usage When you enable this option, the plugin will attempt to block direct access to your WordPress site’s Media Library and the /wp-content/uploads folder. It will attempt to redirect any request for a file in /wp-content/uploads to WPO365’s secure download script. The script first checks whether it has already verified user access by looking for a cookie named "wordpress_wpo365_mlda". If the cookie is missing, it then checks if the user is logged in. If the user is not logged in, WPO365 will redirect them to Microsoft for authentication or deny access. Otherwise, the requested file will be served. Enabling this option will modify your website’s .htaccess file by adding rewrite rules. These rules will redirect requests to a proxy, which determines the location of the secure download script based on the premium plugin you have installed.


IMPORTANT This option is only compatible with WordPress installations running on an Apache web server. If you are using NGINX or hosting your site on IIS or Azure App Service, please follow the instructions below instead and do not enable this option.

Instructions for Apache (.htaccess)

Please try and operate the toggle as illustrated below first.

If an error is returned, then please try and update your site's .htaccess manually instead, by adding the lines below to the end of the file.

<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_URI} ^/wp-content/uploads/
RewriteRule ^wp-content/uploads/(.*)$ /wp-content/plugins/wpo365-login/Services/Secure_Download_Proxy.php?file=$1 [L]
</IfModule><br>

Instructions for NGINX

In your server block, add the following config.

location ~* ^/wp-content/uploads/(.)$ {
    rewrite ^/wp-content/uploads/(.)$ /wp-content/plugins/wpo365-login/Services/Secure_Download_Proxy.php?file=$1 last;
}<br>

Instructions for IIS / Azure App Service

<rewrite>
  <rules>
    <rule name="Secure Uploads" stopProcessing="true">
      <match url="^wp-content/uploads/(.*)$" />
      <action type="Rewrite" url="/wp-content/plugins/wpo365-login/Services/Secure_Download_Proxy.php?file={R:1}" />
    </rule>
  </rules>
</rewrite>

Default value FALSE (not enabled)

Versions ESSENTIALS, PROFESSIONAL, INTEGRATE, CUSTOMERS (SYNC, INTRANET)

Visit the website https://www.wpo365.com/

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us