Disallow direct access to the upload folder content using .htaccess

Sometimes you don’t want users to have direct access to your website’s image folder. You can restrict that by editing the .htaccess file.

Note: mod_rewrite has to be enabled on the Apache side, otherwise the .htaccess rules don’t work, and the .htaccess file needs to be inside the folder you want to restrict.

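RewriteEngine On
# Skip the rule when the request comes from a page on your own site
RewriteCond %{HTTP_REFERER} !^http://(www\.)?your_site\.com/ [NC]
# Skip the rule for the placeholder file named hotlink.<ext>
RewriteCond %{REQUEST_URI} !hotlink\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov) [NC]
# Skip the rule when the WordPress login cookie name is present
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
# The trailing empty alternative (pptx|) lets this condition match any filename,
# so the extension list on the RewriteRule decides which files are covered
RewriteCond %{REQUEST_FILENAME} ^.*(mp3|m4a|jpeg|jpg|gif|png|bmp|pdf|doc|docx|ppt|pptx|)$
RewriteRule .*\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov)$ /wp-login.php [R=301,L]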

This code is specific to WordPress. If you want to use it on a custom design or another platform, there are 3 lines you need to change:
1- RewriteCond %{HTTP_REFERER} !^http://(www\.)?your_site\.com/ [NC]
Change your_site to your site address.
2- RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
Change ‘wordpress_logged_in’ to the name of the cookie you use for login.
3- RewriteRule .*\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov)$ /wp-login.php [R=301,L]
Here I am redirecting users to the WordPress login page when they try to access the folder directly and are not already logged in, so change it to whatever URL you want, maybe a 404 page ☺
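
To see how the four RewriteCond lines combine with the RewriteRule, here is a small Python model of the rule set as written above (an added example, not part of the original post). Only the regular expressions come from the page; the decide() helper, the docroot value and the sample requests in the comments are constructed for illustration.

```python
import re

# Patterns copied from the page's .htaccess; your_site.com is the page's placeholder.
REFERER = re.compile(r'^http://(www\.)?your_site\.com/', re.I)              # [NC]
HOTLINK = re.compile(
    r'hotlink\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov)', re.I)  # [NC]
COOKIE = re.compile(r'^.*wordpress_logged_in.*$', re.I)                      # [NC]
# No [NC] on this condition; the empty last alternative matches any filename.
FILENAME = re.compile(r'^.*(mp3|m4a|jpeg|jpg|gif|png|bmp|pdf|doc|docx|ppt|pptx|)$')
# No [NC] on the rule either, so the extension test is case-sensitive.
RULE = re.compile(r'.*\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov)$')


def decide(path, referer="", cookie="", docroot="/var/www/html"):
    """Return 'redirect' if the rule would send this request to /wp-login.php,
    otherwise 'serve'.

    path is the URL path of the requested file. docroot is an assumed
    filesystem root, used only to build a REQUEST_FILENAME value.
    """
    # mod_rewrite tests the RewriteRule pattern first. In .htaccess it sees the
    # path relative to the folder; the pattern starts with .* so the directory
    # prefix does not change the result.
    if not RULE.search(path.lstrip("/")):
        return "serve"
    # RewriteCond lines are ANDed; a leading ! negates the match.
    conditions = [
        not REFERER.search(referer),            # not linked from your own site
        not HOTLINK.search(path),               # not the hotlink.* placeholder
        not COOKIE.search(cookie),              # login cookie name not present
        bool(FILENAME.search(docroot + path)),  # always true as written
    ]
    return "redirect" if all(conditions) else "serve"


if __name__ == "__main__":
    # Constructed sample requests against an uploads folder.
    for args in [
        ("/wp-content/uploads/report.pdf",),
        ("/wp-content/uploads/report.pdf", "http://www.your_site.com/post/1"),
        ("/wp-content/uploads/report.pdf", "https://your_site.com/post/1"),
        ("/wp-content/uploads/report.pdf", "", "wordpress_logged_in_abc=constructed"),
        ("/wp-content/uploads/track.mp3",),
        ("/wp-content/uploads/photo.JPG",),
    ]:
        print(decide(*args), args)
```

The model shows three things worth checking on a real site: a Referer starting with https:// does not satisfy the http:// pattern, extensions that appear only in the REQUEST_FILENAME list (such as mp3) are never redirected, and upper-case extensions slip past the case-sensitive RewriteRule. Because the Referer and Cookie headers are supplied by the client and only their text is matched, these rules deter hotlinking and casual direct access; they do not verify a login session.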


