james d. low |
live / work / play / worship |
Ok, latest wordpress plugin. I’m getting quite into these. The other two were modifications. This one is completely from scratch. There are several plugins to make a blog private, making it a good tool for basic collaboration / group ware. However file attachments / images have still been visible too the public, until now.
Private files acts as a proxy, making sure users are logged in before they can download any files. The nice thing about is, it doesn’t modify the current uploads at all, doesn’t store files in a different place, so if you want to stop using it, all links to files stay the same, so you don’t need to redo anything.
Download it here: http://wordpress.org/extend/plugins/private-files/
If you have deactivated the plugin or deleted it and you want to unprotect your files manually, just delete the .htaccess file within your wp-content/uploads directory.
As with most wordpress plugins, the security is not guarenteed, use at your own risk.
Change Log:
0.34
Bug fix so this actually works under various wordpress conditions, eg. root and not root installations of wordpress
Tested with wordpress 2.5.1
| If you found any of the software useful, please consider supporting its further developement by donating. |
I’m getting an error when I try to activate the plugin:
Parse error: syntax error, unexpected ‘{’ in /www/pathto/plugins/privatefiles.php on line 31
try redownloading / uploading the plugin. i just tried the latest version (0.3) from wordpress and it worked fine for me.
No, of course it’s still the same problem, the file is not corrupted. Most likely it’s a PHP-problem, maybe you’re using a tag that does not work with PHP 4.4.7.
You could be right, I’m only testing on PHP 5. I’ll give PHP 4 a test and get back to you.
Thank you very much. I’ll be checking back.
Ok, done a quick update to version 0.31, and should now work with PHP4
Thank you! I’ve managed to install it now. =D
great, let me know how it goes, this plugin is only a few days old, so it will probably need some issues worked out…
After enabling the plugin and protecting my files, I find I cannot download files even after I have logged in. The plugin seems to not be intercepting the 404 error, since I’m always redirected to my 404 page.
I’ve disabled all other plugins to make sure I had no conflicts. Any suggestions? Dreamhost is my web host — do you know of any code in the plugin that might be incompatible with their php setup? I’ve run into that once before…
Thanks!
Hi scott, my blog is hosted on dreamhost, so it should work with yout setup. The first thing I can suggest is makes sure you have enabled rewrite rules in wordpress. For example this post has a virtual url: http://jameslow.com/2008/01/28/private-files/
If you’re using wordpress with urls like:
http://www.myblog.com/?p=123
It won’t work.
Thanks James. Good to know the host isn’t the issue. I am using permalinks the same way you are. I’ll keep exploring, and will let you know if I find the culprit.
Firstly, THANKS!
I’ve been searching for a plugin like this for a long time.
Can files be downloaded only by right-clicking links?
Are you going to develop the plugin further? Do you have a roadmap? Hope you do.
jak
Hi!
Can the plugin be modified so that only a specific group of Login/Registered Members e.g. Contributors can view the private files?
Thanks!
~ Melba
Hi Jakfolio / Melba,
Currently there is no roadmap, though it does sound good to be able to have users of a certain level access files, and it would be possible to implement. I’ll let you know if I ever add that feature.
J
Hi, I tried this plugin on an wp-mu install but couldn’t get it to work, I guess it is because mu uses its own rewrite rules for the upload directory. Any ideas on how to get it to work?
Hey everyone, just to let you know there’s a new version out with an option to allow only users above a certain level to do few files.
Manne,
Never used wp-mu, it very could be because of the rewrite rules in the upload directory. It may be possible to make them work together, but I don’t see it in the near future.
Hi, I think it’s a great plugin and right for what I searched so long. But one issue: I created custom roles with role manager, but your plugin assumes that there are still the default roles. I protected files with user access level “All”, so any logged in user should see the file, right? But it doesn’t work. My user has level 5 with custom capabilities and cannot see the file. Only the admin does. Would it help to reestablish the default roles?
hi,
what do you mean by “root is using .htaccess authentication?
My Apache server supports it, but I have no .htaccess. Do I just need to add that file/
but then what do I put in that file?
Do I need to specify a string of text that will redirect to the WolrdPress authentication from the database, instead of looking for a password from the user?
Every time I install your plug-in I find that the folder to protect ends up being protected… by the .htaccess files, and thus I need to provide 2 passwords…
Also I am using WP-Multilingual and when I set up the Permlink, I can only use the full links… the redirections from root fail.
I have a problem, it seems that plugin doesn’t process 404. A link to file is like “www.mysite.com/wp-content/uploads/2008/04/myfile.mp3″ and I get nothing. No page and no file.
When plugin is off and files unprotected - download starts, when is on - nothing.
I use latest version of wordpress for today.
hmm… interesting… when protected - no file, when unprotected - downloading ok. .htaccess is in its place in both cases. So, it seems plugin is processing 404.
But what then? Any ideas?
Ok, realised there was a few problems with this plugin. I’ve released a new version that has been test with wordpress 2.5.1
love the plug in - but it killed my rss feed! Any clues to why that would happen?
hmmm, I’m not sure, are you using allow categories as well? because that will disable your rss feed or just show titles depending on your settings.
sites that i used this plugin on are still working in rss feeds.
I am using the Private WP plug-in. The blog is live - I dont want to mess with it until tonight - but I will send you the errors on the feed once I can get to them. Thanks for your response!
Hi James,
I stumble upon your lugin, and it seems to be the perfect one for protecting files!
I just had few questions:
- Will it protect all folders and sub-folders within the wp-uploads folder?
- Do you need only one .htaccess ?
- there are no difference between files uploaded from Wp or by ftp with your plugin ? (i mean your plugin will not make a difference, right ?)
thanks a lot!
Sebastien
Yep, this plugin will protect sub-folders because the .htaccess rules apply to all sub-folders until apache detects another one. And yes it should work the same for files uploaded by FTP or wordpress.
This plugin is offered for free though, and I can’t guarentee it is 100% flawless.
I am getting the following errors when I try to protect my files. Any help would be appreciated. Thanks.
Warning: mkdir() [function.mkdir]: No such file or directory in /home/theeslbl/public_html/litconn/corporate/wp-content/plugins/private-files/privatefiles.php on line 164
Warning: fopen(/home/theeslbl/public_html/litconn/corporate//home/theeslbl/public_html/litconn/corporate/wp-content/uploads/.htaccess) [function.fopen]: failed to open stream: No such file or directory in /home/theeslbl/public_html/litconn/corporate/wp-content/plugins/private-files/privatefiles.php on line 168
Warning: fwrite(): supplied argument is not a valid stream resource in /home/theeslbl/public_html/litconn/corporate/wp-content/plugins/private-files/privatefiles.php on line 169
OK, so I fixed the errors that I mentioned above. The problem was that my uploads directory was in a sub-directory of the blog root. Once I Moved the uploads dir to the root, the files would protect fine.
Now, the problem I am having is that when the files are protected, I cannot see the files at all and I get a 404 error. This is the same problem that Scott mentions above.
Thanks for solving at least one of your problems. Sorry I’ve been a little busy and can’t look at it right now, but I will try and make the plugin work under more settings.
Hi James, my problem right now is the same that Jon have. I have my blog running on http://www.master-fundraising.it/areastudenti, ,mod_rewrite is ok, .htaccess is in the uploads directory, but when I activate the plugin it seems not to work as Jon said.
Thanks for your plugin, it really helps. ciao francesco
[...] the post revisions from 2.6. I use wordpress on some intranet pages along with allow categries and private files to control access to sensitive information. The new revisions work great because in a world of [...]
hey I am having the same problem. I reinstall a 2.51 with the plugin but still no luck. any help? Thanks
Hi! firstly, thanks for a great plugin, it’s a really elegant way of solving quite a common problem. Is there a way that your plugin can be file type specific? Because, for example, if a person creates a post which is for public consumption (i.e. loggin in is not necessary) with images in, your plugin does not allow the images to be loaded.
So, is it possible (probably adjusting the rewrite rule in the .htaccess I would guess) to specify files which are allowed - i.e. .jpg, .gif, .png, .bmp files will be allowed, but all others wont be…
Or alternatively you can specify which file types to block, so if a post/page has .doc, .pdf, .xls files attached to it, a person has to be logged in to download them…
Great plugin btw!
As a follow-up to my post above I have re-written the .htaccess file as follows:
RewriteEngine On
RewriteBase /wp-content/uploads
RewriteRule \.(gif|jpg|png)$ - [L,NC]
RewriteRule . /afilethatshouldnotexist.txt
Options -Indexes
which now allows for those 3 image types… hope this helps some people and perhaps you, James.
Hey,
Richard, sounds like a great idea, after creating the .htaccess file with the plugin, you could edit it to do what you want, as private files won’t recreate it unles you tell it to. I’m busy with other work though, so adding it as user configurable option won’t be added too soon.
For those of you with problems, paid work is stopping me from looking at them in detail. Sorry
James
Oh, I posted before your 2nd comment, thanks Richard !!!
Has anyone managed to get Private Files working with WordPress 2.6? I realize that James doesn’t have time to devote to that right now, but was just wondering if anyone else out there might be looking into the changes required to support 2.6.
Hey Nelson,
I have it working on all my 2.6 based blogs, so the problems that are coming up are something specific to the setups people have, that’s why its really hard to spend the time doing it, because I’d have to do a lot of work with them trying to see what was going wron on their setup.
James
James,
I have mine working now also. The fix was two-fold. First I had to modify our GoDaddy-hosted site configuration to actually produce real 404 errors, rather than the GoDaddy default error page.
Next I found that the .htaccess file that Private Files was generating in my uploads directory had lines like the following, in spite of the fact that my WordPress installation is in a “/word” subdirectory rather than the root of our site:
RewriteBase /wp-content/uploads
RewriteRule . /afilethatshouldnotexist.txt
Manually modifying those lines to read
RewriteBase /word/wp-content/uploads
RewriteRule . /word/afilethatshouldnotexist.txt
fixed the problem, but I haven’t yet figured out the problem in the code that caused it to be generated that way.
Spoke too soon…
Things are working fine when I use Firefox, but there is something about the headers or content being produced by the private_file() function that IE 7 does not like. It appears to perform the download of the complete file, but then either finishes without displaying any new content in the browser window (in the case of PDF files), or with a “Could not open ” error (in the case of Excel files).
James
at first… thanks for your plugin!
I have this idea. I hope you can help me.
I would to block another folder. I’m thinking to let me users to see images… and I would to protect just some file.
So I’ll put these few files into another folder… but how can I protect a different folder from UPLOADS?
Thanks in advance