{"id":15424,"date":"2011-10-26T06:13:17","date_gmt":"2011-10-26T06:13:17","guid":{"rendered":"https:\/\/wordpress.org\/plugins-wp\/htaccess-secure-files\/"},"modified":"2012-06-08T07:14:43","modified_gmt":"2012-06-08T07:14:43","slug":"htaccess-secure-files","status":"publish","type":"plugin","link":"https:\/\/lmo.wordpress.org\/plugins\/htaccess-secure-files\/","author":463746,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"0.5","stable_tag":"0.5","tested":"3.3.2","requires":"3.2.1","requires_php":"","requires_plugins":"","header_name":"Htaccess Secure Files","header_author":"Isaac Chapman","header_description":"","assets_banners_color":"","last_updated":"2012-06-08 07:14:43","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"http:\/\/isaacchapman.com\/wordpress-plugins\/htaccess-secure-files\/","header_author_uri":"http:\/\/isaacchapman.com\/","rating":5,"author_block_rating":0,"active_installs":10,"downloads":6421,"num_ratings":1,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","changelog"],"tags":[],"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":"1"},"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["0.1","0.2","0.3","0.4","0.5"],"block_files":[],"assets_screenshots":{"screenshot-4.png":{"filename":"screenshot-4.png","revision":"1539239","resolution":"4","location":"plugin"},"screenshot-2.png":{"filename":"screenshot-2.png","revision":"1539239","resolution":"2","location":"plugin"},"screenshot-3.png":{"filename":"screenshot-3.png","revision":"1539239","resolution":"3","location":"plugin"},"screenshot-1.png":{"filename":"screenshot-1.png","revision":"1539239","resolution":"1","location":"plugin"}},"screenshots":{"1":"Change the \"Secured File\" value to Yes on the Edit Media screen to secure a file.","2":"Select the user roles that can access secured files.","3":"Select the user capabilities that can access secured files.","4":"Select which IP addresses can access secured files."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1329,84,125],"plugin_category":[50,54],"plugin_contributors":[92623],"plugin_business_model":[],"class_list":["post-15424","plugin","type-plugin","status-publish","hentry","plugin_tags-htaccess","plugin_tags-media","plugin_tags-secure","plugin_category-media","plugin_category-security-and-spam-protection","plugin_contributors-isaacchapman","plugin_committers-isaacchapman"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/htaccess-secure-files.svg","icon_2x":false,"generated":true},"screenshots":[{"src":"https:\/\/ps.w.org\/htaccess-secure-files\/trunk\/screenshot-1.png?rev=1539239","caption":"Change the \"Secured File\" value to Yes on the Edit Media screen to secure a file."},{"src":"https:\/\/ps.w.org\/htaccess-secure-files\/trunk\/screenshot-2.png?rev=1539239","caption":"Select the user roles that can access secured files."},{"src":"https:\/\/ps.w.org\/htaccess-secure-files\/trunk\/screenshot-3.png?rev=1539239","caption":"Select the user capabilities that can access secured files."},{"src":"https:\/\/ps.w.org\/htaccess-secure-files\/trunk\/screenshot-4.png?rev=1539239","caption":"Select which IP addresses can access secured files."}],"raw_content":"\n

The Htaccess Secure Files plugin can only be activated on Apache web servers with mod_rewrite enabled, and will automatically raise an error upon activation if this is not the case.<\/strong><\/p>\n\n

The Htaccess Secure Files plugin allows for setting files to be accessible only to visitors who have a specified IP address or WordPress role or capability<\/a>. By using .htaccess files<\/a> to secure the content instead of a separate directory outside the web root, WordPress's native media library functionality can be used to upload secure files and link to them from within the visual editor.<\/p>\n\n

By default all built-in WordPress roles will be allowed to access content that is marked as secure. The Settings -> Secure Files admin screen controls which roles, capabilities, and IP addresses are allowed to view or download secured files. If a custom role or capability is desired, there are several WordPress plugins<\/a> capable of creating and editing roles and capabilities.<\/p>\n\n

Any visitor that matches any selected role, capability, or IP address will be allowed to access secured files.<\/strong><\/p>\n\n

This plugin works by creating a .htaccess files in the directory of each secured file. If you manually edit the .htaccess file and it becomes corrupt (a 500 Internal Server Error is the most likely symptom), I recommend deleting the .htaccess file and then edit and save each secured item in the media library.<\/p>\n\n\n

    \n
  1. Unzip the zip archive and upload the htaccess-secure-files directory to your \/wp-content\/plugins\/ directory.<\/li>\n
  2. Activate the plugin through the 'Plugins' menu in WordPress.<\/li>\n
  3. On the 'Settings' -> 'Secure Files' admin screen select which roles, capabilities, and IP addresses will be allowed to access secure files and what the server response should be for those denied access.<\/li>\n
  4. To secure individual files edit the file on the 'Media' admin screen and change the 'Secured File' setting to 'Yes'.<\/li>\n<\/ol>\n\n\n

    0.5<\/h4>\n\n
      \n
    • Adding smarter detection when WordPress is installed in a sub-directory of a site.<\/li>\n<\/ul>\n\n

      0.4<\/h4>\n\n
        \n
      • MIME\/Content-type detection routine expanded (in order of priority): 1) Use WordPress's built-in (or plugin modified) MIME types. 2) Use Fileinfo PECL extension if installed. 3) Check with mime_content_type (deprecated). 4) Fallback to 'application\/octet-stream'.<\/li>\n<\/ul>\n\n

        0.3<\/h4>\n\n
          \n
        • \"Denied access response\" is now customizable: WordPress login, 403 Forbidden, 404 Not Found, or custom redirect.<\/li>\n<\/ul>\n\n

          0.2<\/h4>\n\n
            \n
          • Added \"Secure\" column to media manager list table<\/li>\n
          • Added simple IP address whitelisting (may add more complexity in a later version)<\/li>\n
          • Added the capability to hide\/disable the admin interface with a define statement<\/li>\n
          • Added screenshots<\/li>\n<\/ul>\n\n

            0.1<\/h4>\n\n
              \n
            • Initial version<\/li>\n<\/ul>","raw_excerpt":"Allows securing files in WP's media library to be only accessible to users with specific roles, capabilities, or IP addresses.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/15424","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=15424"}],"author":[{"embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/isaacchapman"}],"wp:attachment":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=15424"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=15424"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=15424"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=15424"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=15424"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=15424"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}