My issue is the following, I need to secure a specific subfolder in my /uploads/ to protect some user files and it should be only accessible from administrators.

Basically, I have a folder called wp-content/uploads/usersdocs/ where my users are uploading their documents to get verified. Of course this folder should not be accessible from anybody else then administrators who instead will check these files for veryfing personal data.

I’ve read about using rewrite conditions in .htaccess but somebody said that it’s not the best solution. Example I’ve tried (just for loggedin users and without success):

RewriteCond %{HTTP_REFERER} !^https://(www.)? [NC]
RewriteCond %{REQUEST_URI} !hotlink.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov) [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule .*.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov)$ [NC]

Could you please give me some direction, if possible?

Read more here: WordPress / htaccess – prevent non-admin users to access specific media folders


If you know the solution of this issue, please leave us a reply in Comment section, to update the question.

Wordpress related questions and answers: