Media protection add-on

Basically De******rp, which is what this website is, is a major Automotive Parts Manufacturer. We created this media library, which houses PowerPoints, photos, PDFs, etc., that their employees use for Marketing.

The problem is that the assets are being picked up and people can search for them on Google, as well as directly link. They had some random person take their official PowerPoint files and generate a proposal to them, which is a big no-no.

I've used Membership in the past and it worked like a charm, but for whatever reason this website has a hatred for it lol

  • Luís

    Hi forthgear ,

    Hope you're doing well today!

    I would like to apologize because during the live chat I mentioned a bug on Membership 2 that I was able to replicate, but I made further tests in a fresh install and from what I tested, Media Protection add-on is working as expected.

    By default, the add-on just masks the URL, to hide the path to the image on the server, but the users will still have access to the files. However, this add-on has 2 more options that I think can help you in protecting the files:

    Advanced Media Protection

    Once you enable this option, an extra tab will be added in Membership 2 -> Settings where you can prevent direct access to your media files. You can set what types of files you want to protect (.jpg, .png, etc.). Then, when a user tries to access a media file directly, like browsing "http://mysite.com/wp-content/uploads/09/myimage.com", they will get a "forbidden" message.

    Protect Individual Media files

    Once you enable this option, an extra tab called "Media library items" will be added in Membership 2 -> Protection rules, where you can set which membership/s will have access.

    However, this only works with the masked URL: if a user tries to access the media file using the masked URL generated by the Media Protection add-on, they will get a "no-access" icon; however, using the original URL (i.e. http://mysite.com/wp-content/uploads/09/myimage.com) they will be able to access it.

    In your specific case, where you want to completely block access for any external user, I would suggest you use both options alongside each other, to make sure the media files are completely protected.

    I hope this information has been helpful. If I can help you with this or any other related question, please let me know!

    Cheers, Luís

  • forthgear

    Thanks so much for the info. We decided to just move all of the components of that big site over to a new site so that we could just secure the entire site and get away from our theme issues. So before I moved it all over I wanted to make sure I could get the plugin working as expected. I enabled the Media Protection and am using the Advanced Media Protection and the Protect Individual Media Files options on the Media Protection add-on. So on this page: http://wordpress-153952-606022.cloudwaysapps.com/index.php/test-ppt-page/ I put an image and then a link to the ppt file that I need protected. However, now I can't download the ppt even when I am logged in, it gives me forbidden. (Is this because I am using the actual file name? How do I get the masked URL? Is that what I need to be linking to?) And the JPG I can access when I am logged in and when I am logged out, and I need that to be secured when I am logged out.

    What is the Mask download URL? Is that where I am missing something?

    In the end, I need logged in users to have access to download and see all media, and anyone that is logged out to have no access to download or see any media, even if they hit the direct link to it.

    Please let me know if I am doing something wrong or how to best accomplish this. I did grant support access to the site at http://wordpress-153952-606022.cloudwaysapps.com/ if it is helpful to get in and look at it. Thanks!

  • Ash

    Hello forthgear

    Would you please enable support access so that I can check the masking issue? Please follow this article to enable support access: https://premium.wpmudev.org/docs/getting-started/getting-support/#chapter-5

    In the end, I need logged in users to have access to download and see all media, and anyone that is logged out to have no access to download or see any media, even if they hit the direct link to it.

    Please note that the M2 Media Protection add-on can't protect the direct file URL. If any user has a direct link to that file, they will always have access to that file and M2 can't protect that, I am afraid.

    Have a nice day!

    Cheers,
    Ash

  • forthgear

    Hi Ash,
    Thanks for your reply. I just double checked, but access has been granted, are you looking on the original site or on the http://wordpress-153952-606022.cloudwaysapps.com? It is the cloudways app link that has the test page.

    Okay, thanks for the clarification on protecting the actual URL. I thought that what Luís was saying about the Advanced Media Protection was that it protected the direct URL. I think maybe my main problem is that I am not understanding how the masking is supposed to work. Is the idea that you are just never supposed to put the actual URL out there and so no one will get it, and then you just use the masked URL, which can be protected? How do I find what the masked URL is? And is that the URL I use when I am coding? Or do I use the actual URL and then Membership 2 masks it? Sorry, I am not sure why I am having a hard time wrapping my head around that concept.

    Also, as you will see on this page, http://wordpress-153952-606022.cloudwaysapps.com/index.php/test-ppt-page/ when I am using the protection on ppt files and doc files, I am getting a forbidden message when I try to download those, whether I am logged in or not. Could you please look into that as well?

  • Ash

    Hello forthgear

    I just double checked, but access has been granted, are you looking on the original site or on the http://wordpress-153952-606022.cloudwaysapps.com? It is the cloudways app link that has the test page.

    Thanks, yes I was checking the wrong site, too many similar sites you know :) Sorry about that.

    I think maybe my main problem is that I am not understanding how the masking is supposed to work. Is the idea that you are just never supposed to put the actual URL out there and so no one will get it, and then you just use the masked URL, which can be protected? How do I find what the masked URL is? And is that the URL I use when I am coding? Or do I use the actual URL and then Membership 2 masks it? Sorry, I am not sure why I am having a hard time wrapping my head around that concept.

    The idea is, you need not worry about the masking URL when you add the media file within the post content. The URL will be masked automatically. The masking process depends on the method you are using. Currently you are using the complete protection method, so if the URL of a media file is http://wordpress-153952-606022.cloudwaysapps.com/wp-content/uploads/xxx/yyy/filename.jpg, then after adding it in the content, in the source you will see a URL like this: http://wordpress-153952-606022.cloudwaysapps.com/downloads/ms_12345.jpg, where 12345 is the file ID.

    And then, you can protect the media files from Membership 2 > Protection rules > Media library items, which I noticed you already did, and now the file is not publicly accessible if you use the masked URL.

    Hope it helps! Please feel free to ask more questions if you have any.

    Have a nice day!

    Cheers,
    Ash
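
A way to check the outcome asked for in this thread (members can download, visitors cannot, even by direct link), added here as an example that is not part of the thread or of Membership 2's code. It audits recorded responses for the direct and the masked form of one file; the host, file ID, response bodies and function names are constructed for illustration, and only the `/downloads/ms_<ID>` form comes from the reply above.

```python
import hashlib
import re
from urllib.parse import urlsplit

MASKED_RE = re.compile(r"^/downloads/ms_(\d+)\.(\w+)$")  # masked form quoted in the thread

def masked_url(site, file_id, direct_url):
    """Masked counterpart of a direct uploads URL, following the thread's description."""
    ext = urlsplit(direct_url).path.rsplit(".", 1)[-1]
    return f"{site}/downloads/ms_{file_id}.{ext}"

def url_kind(url):
    path = urlsplit(url).path
    if MASKED_RE.match(path):
        return "masked"
    return "direct" if "/wp-content/uploads/" in path else "other"

def served_real_file(status, body, real_sha256):
    """A 200 alone proves nothing: a denied request may answer with a placeholder icon."""
    return status == 200 and hashlib.sha256(body).hexdigest() == real_sha256

def audit(observations, real_sha256):
    """Policy from the thread: members get the file, visitors never do, on any URL."""
    findings = []
    for url, logged_in, status, body in observations:
        got_file = served_real_file(status, body, real_sha256)
        if got_file and not logged_in:
            findings.append(("EXPOSED", url_kind(url)))
        elif logged_in and not got_file:
            # On a "direct" URL this means the page links the raw path, not the masked one.
            findings.append(("BLOCKED_MEMBER", url_kind(url)))
    return findings

# Constructed sample data (hypothetical host, file ID and bodies).
SITE = "http://example.test"
DIRECT = SITE + "/wp-content/uploads/2018/01/deck.jpg"
MASKED = masked_url(SITE, 12345, DIRECT)
REAL, ICON = b"real-image-bytes", b"no-access-icon-bytes"
REAL_SHA = hashlib.sha256(REAL).hexdigest()
OBSERVED = [
    (DIRECT, False, 200, REAL),  # visitor, direct URL: file served
    (MASKED, False, 200, ICON),  # visitor, masked URL: placeholder icon
    (MASKED, True, 200, REAL),   # member, masked URL: file served
    (DIRECT, True, 403, b""),    # member, direct URL: forbidden
]

if __name__ == "__main__":
    for verdict, kind in audit(OBSERVED, REAL_SHA):
        print(verdict, kind)
```

Comparing the body hash rather than the status code keeps a "no-access" placeholder from being counted as a successful download.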
