ok we have some HTML5/js pages in directories (in WP 'uploads') on a Wordpress site. We only want LOGGED in WordPress users to be able to view them.

There were a couple of similar questions here on Stack but when we tried them their solutions did NOT work for us primarily due to our WordFence and AIO security plugins, that make adjustments to wp-config and htaccess

We got this code below to work by placing the htaccess in the directory with the HTML:

#--get file name being accessed and check
RewriteCond %{REQUEST_FILENAME} ^.*(html|mp3|m4a|jpeg|jpg|gif|png|bmp|pdf|doc|docx|ppt|pptx|)$

#--if file being accessed is index.html check for cookie
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]

#--execute 403 if no cookie found
RewriteRule . - [R=403,L]

**BUT **it is easily fooled by creating a WP style cookie that fools the "check" Hoping someone has a better idea that is a little more secure?

None of the PHP solutions we found here so far have worked, (we tried about a half dozen) mostly for the reasons mentioned above. Some of the solutions here are over 10 years old or not related on our config (Centos 7.6, Plesk Obsidian, PH 7.X, WP 6.1x) or were a little brief :-)

(Oh and my tech guy has COVID)

Sid

CodePudding user response：

You can use ( AAC = Advanced Access Manager ) WordPress plugin for restrict access to an HTML page on wordpress site to only logged in users

CodePudding user response：

Use a plugin like User Specific Post

To restrict your specific page in the edit screen. If you have any question about the plugin ask the plugin author or wordpress.org forum.