Restrict uploaded files into a custom folder to logged in users by htaccess: looking for Nginx – not only Apache – solution


Talking about this well known solution:


Original discussion

I’m looking for a straightforward way working also on a Nginx installed WP and not only on Apache ones.


  • Is there any other code-based approach you would recommend, that
    works fine on any server environment?
  • What plugin I should take a look and purchase, that you tested and
    can confirm are able to ensure a folder protection setup on any web

So far, after testing various plugins from the official repository on a Nginx installed WP website, I discovered that a bunch of them just fail, when the web server is not using htaccess rules. This is even a bit embarassing, as many sell a PRO version that could not work over Nginx.

In my opinion, the best would be using the same approach for both:

setting a htaccess / nginx web server rule controlling any file request made toward a specific /uploads subfolder. The rule I found working well on my Apache based WP is the following:

RewriteCond %{REQUEST_URI} ^.*wp-content/uploads/restricted/.*
RewriteRule ^wp-content/uploads/(restricted/.*)$ dl.php?file=$1 [QSA,L]

I found – almost – the same rule for a Nginx environment, but despite my tests I’m still not able to make it work on a subfolder, so the following is just for the whole /uploads folder, not recommended:

location ~* /(?:uploads|files)/* {
rewrite /wp-content/uploads/(.*)$ /dl.php?file=$1;


Furthermore, as long as many clients of mines have their installations on a shared hosting, asking the provider to set a nginx rule for a single website is a lost cause most of the times.

PatrizioRD 3 months 0 Answers 10 views 0

Leave an answer