How To Protect Upload Images in BPS

Home Forums BulletProof Security Pro How To Protect Upload Images in BPS

This topic contains 3 replies, has 2 voices, and was last updated by  AITpro Admin 1 month, 3 weeks ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #37774

    AW
    Participant

    Greetings BPS,

    I encounter a security issue.
    My website does the registration for guests( I am doing an accommodation business )
    Eventually all guests images is scan and upload via our website.
    All the images is saved in the wordpress image folder as usual:-
    Other users will not be able to view any files in the link beside >>>>> https://xxxxxxx.com/wp-content/uploads/2019/08/

    However, user can view the file IF user specified the link like below :-
    https://xxxx.com/wp-content/uploads/2019/08/image.jpg

    Is it possible to add a code to block the images viewable ?

    Please advise.

    Best regards,

    Alex

    #37775

    AITpro Admin
    Keymaster

    You can protect images so that no one including yourself or your website can display them.  You can protect images by allowing them to only be viewed by logged in users.  You can protect images by using a membership plugin or theme.

    If you want to display images anywhere on your website then the only protection you can use is something like adding a watermark to images.  What exactly do you want to do with images?  ie do you want to display them on your website or not display them on your website?  Are the image files only used for something like a person is submitting an image to be used as an example to do some sort of job or service?  ie Vehicle Wrap or Sign work examples.

    #37776

    AW
    Participant

    Greeting BPS,

    To be specified, all the new upload images is their ID and for the hotel accommocation to keep as acopy during check in.

    Only the ID is for personal reference. It is risky that if users known the access – example the whole link

     

    #37777

    AITpro Admin
    Keymaster

    Ok so what you need to do is this.  Whatever upload form (plugin or theme) you are using you need to change the folder path option setting for where these images are stored under the hosting account.  Good examples:  /wp-content/ID/ or /wp-content/uploads/ID/.  Then you need to manually copy the /wp-content/bps-backup/.htaccess file to your new ID folder.  The BPS Backup folder htaccess file denies Browser access to all files in the directory/folder that you put the htaccess file in and where you are now storing uploaded ID images.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.