How to block access to all site files for unregistered users in WordPress?

U

UnRealName2016-01-19 07:52:35

Information Security

UnRealName, 2016-01-19 07:52:35

I describe the situation: there is a site on WordPress, access to which is limited to registered users. It may sometimes be necessary to exclude some users. But I noticed such a feature that the site files via a direct link will be available even to unregistered users. That is, from a "supposedly closed" site, people can send direct links to pictures or PDF files, and they will work.
How to avoid it? How to make sure that all files are available only to authorized users?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Andrey Andrievsky, 2016-01-19
@andrievski88

It is unlikely that standard means will work, you need to look for a specialized plugin.

V

Vitaly B, 2016-01-19
@vitaliy_balahnin

I think that it is necessary to fasten something like this into the output function of attached files:
global $user_ID; get_currentuserinfo();
if (('' !== $user_ID) - check if user is authorized
Source

D

dogmator, 2017-03-25
@dogmator

It is enough to add the lines to the header.php theme file

if(!is_user_logged_in()) {
  auth_redirect();
 }