How To Protect Upload Images in BPS

Home Forums BulletProof Security Pro How To Protect Upload Images in BPS

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • August 22, 2019 at 12:31 am #37774
    AW
    Participant

    Greetings BPS,

    I encounter a security issue.
    My website does the registration for guests( I am doing an accommodation business )
    Eventually all guests images is scan and upload via our website.
    All the images is saved in the wordpress image folder as usual:-
    Other users will not be able to view any files in the link beside >>>>> https://xxxxxxx.com/wp-content/uploads/2019/08/

    However, user can view the file IF user specified the link like below :-
    https://xxxx.com/wp-content/uploads/2019/08/image.jpg

    Is it possible to add a code to block the images viewable ?

    Please advise.

    Best regards,

    Alex

    August 22, 2019 at 7:31 am #37775
    AITpro Admin
    Keymaster

    You can protect images so that no one including yourself or your website can display them.  You can protect images by allowing them to only be viewed by logged in users.  You can protect images by using a membership plugin or theme.

    If you want to display images anywhere on your website then the only protection you can use is something like adding a watermark to images.  What exactly do you want to do with images?  ie do you want to display them on your website or not display them on your website?  Are the image files only used for something like a person is submitting an image to be used as an example to do some sort of job or service?  ie Vehicle Wrap or Sign work examples.

    August 22, 2019 at 5:02 pm #37776
    AW
    Participant

    Greeting BPS,

    To be specified, all the new upload images is their ID and for the hotel accommocation to keep as acopy during check in.

    Only the ID is for personal reference. It is risky that if users known the access – example the whole link

     

    August 22, 2019 at 7:44 pm #37777
    AITpro Admin
    Keymaster

    Ok so what you need to do is this.  Whatever upload form (plugin or theme) you are using you need to change the folder path option setting for where these images are stored under the hosting account.  Good examples:  /wp-content/ID/ or /wp-content/uploads/ID/.  Then you need to manually copy the /wp-content/bps-backup/.htaccess file to your new ID folder.  The BPS Backup folder htaccess file denies Browser access to all files in the directory/folder that you put the htaccess file in and where you are now storing uploaded ID images.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.