Deny http access to a directory, allow access from WordPress plugin

Hey. I need to prevent direct access to http://www.site.com/wp-content/uploads/folder/something.pdf through the browser.

However the Download Monitor plugin I am using, which allows logged in users to download the file, needs to be able to work.

Trying

Order Allow,Deny Deny from all http://www.site.com/wp-content/plugins/download-monitor/download.php"> Allow from all

but the download links do not now work... even though (I think) they are links produced by the script e.g.

http://www.site.com/wp-content/plugins/download-monitor/download.php?id=something.pdf

开发者_运维百科Enter that in the address bar and you correctly get a WordPress message, 'You must be logged in to download this file.'

However, if someone knows the URL where the file was uploaded

http://www.site.com/wp-content/uploads/folder/something.pdf

they can still access it directly.

I don't know how (guesswork?) they would find the direct URL anyway, but the client wants it stopped!

Thanks for any help.

---

You cannot set Deny in .htaccess because your WordPress and a standard file request has the same server user - www-data/apache/http/or something.

You can for example sat folder's chmod to 700 and it will allow access for script but not for direct file call.

And accept your recent questions.