The Community forums are being phased out in favor of a new Slack group.
Add your email address below to get an invitation to join the community slack group

Help Desk

Quick Links

Discussions I'm Subscribed To
Discussions I Voted For

New Discussion

Prevent not logged users from downloading files uploaded by formidable

December 15, 2015 at 6:37 pm

After looking for a solution i've found a nice trick to secure the files uploaded by formidable. It's not 100% secure though because users can still force the download by creating a cookie but for most users it's fine.

Basically you have to create a .htaccess in /wp-content/uploads/formidable and put the following lines in it.

RewriteCond %{REQUEST_FILENAME} ^.*(pdf|doc|docx|ppt|pptx|doc|docx)$
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule . - [R=403,L]

Is a check to test that the user have the wordpress cookie set. If not it throws an error.

Discussion closed.

Quick Links

Labels

Notifications