未加星标

How to Hide Media Attachment Pages in WordPress

字体大小 | |
[开发(php) 所属分类 开发(php) | 发布者 店小二03 | 时间 2017 | 作者 红领巾 ] 0人收藏点击收藏

The WordPress core makes it’s easy to password protect posts and pages ― a handy feature if you want to easily limit access to certain content. The only problem is that any images or videos you display on those pages can still be accessed by going straight to the media attachment pages.

This can be a real problem if the media files contain important information that you wish to keep behind password-protection. One solution to this problem is to drop WordPress’ support for media attachment pages. If you aren’t actively using attachment pages, then simply dropping them from your site will mean users have to access the password-protected post or page to view the content.

In this post, we’re going to explore two ways to solve this problem. First, we’ll solve the problem with a child theme and a bit of code. Second, we’ll demonstrate how you can solve the problem with a free plugin.

Ready? Let’s get to it.

When to Hide Media Attachment Pages

Let’s say you have created an awesome tutorial. It’s all contained on one page. It includes a couple thousand words of content, one or two short videos, and a handful of illustrative graphics.

This is a just a one-off deal for you, you aren’t setting up shop as an online instructor, so you aren’t interested in installing a complete online course solution likeCoursePress Pro. So you just select the option to password protect the page in question and deliver the password in an automated email that goes out whenever someone pays for access to the tutorial.


How to Hide Media Attachment Pages in WordPress
Now your guitar lesson is safely hidden behind a password

You’ve found a simple solution that solves the problem without requiring too much effort. Good job.

A few weeks later you realize that you have a problem. Someone shared one of the images from your post on social media using the attachment page URL, and the attachment page can be accessed without entering a password.


How to Hide Media Attachment Pages in WordPress
Everyone can still see how to play a C#m/G# bar chord

What’s worse is that your theme adds links to the attachment page allowing visitors to easily navigate through all of the images you attached to your hidden post. Not awesome.

The good news is that this is a problem you can quickly remedy.

Hiding Attachment Pages with Code

If you’re handy with an FTP client and a text editor, you can quickly solve this problem with a child theme. All you need to do is add a single line of code to image.php and optionally to video.php .

If you take a look at the WordPress template hierarchy you’ll see that the most specific template file you can create for an attachment page is a file named using the format MIME_type.php . This means that if you have images and videos on a password-protected page, and you want to hide the attachment pages for both types of files, you’ll need to edit a different file for each type of media.

Let’s start with image.php . But before you start editing any files, make sure you’re using achild theme.

Once you have a child theme installed and activated, create a blank image.php file on your computer. Now, open it up with your text editor and add the following bit of code to the file:

Save and close the file, and then upload the file to the root directory of your child theme.


How to Hide Media Attachment Pages in WordPress

1.6 million WordPress Superheroes read and trust our blog. Join them and get daily posts delivered to your inbox - free!

Now, when someone attempts to access an image attachment page, the image.php file will load and automatically redirect them to the post associated with that image. Exactly the behavior we’re looking for. Anyone attempting to access the image attachment pages from our password-protected page will be redirected to the password-protected page and have to enter the password to access the page.

To add the same protection to video attachment pages, create a video.php file and add the same bit of code to the file.

That’s a pretty simple trick to hiding attachment pages using code. However, if you’d rather get the job done without using a text editor and FTP client, there is another option.

Hiding Attachment Pages with a Plugin

If you’d rather avoid setting up a child theme and writing (or copying and pasting) even a single line of code, you can also use a plugin to redirect all attachment pages.


How to Hide Media Attachment Pages in WordPress

Attachment Pages Redirect is a free plugin available at WordPress.org that does exactly what the name suggests. It redirects all attachment pages either to the parent post they are attached to using a 301 (permanent) redirect, or the homepage using a 302 (temporary) redirect if the media isn’t attached to a parent post.

The plugin is active on over 10,000 WordPress websites and has a rating of 4.7 out of 5 stars.

To start using Attachment Pages Redirect go to Plugins > Add New in the WordPress admin area and search for “Attachment Pages Redirect.” Click Install , then click Activate , and you’re done.

No additional configuration is necessary. Visit any attachment page and you’ll find that you are automatically redirected either to the parent post or the site homepage.

No Such Thing as Complete Protection

Either of the strategies we’ve covered will ensure that users have to use a password to view the images and videos you add to a password-protected post. However, no strategy can fully protect your media assets.

Users with legitimate access to the media content can still scrape your content quite easily in two different ways:

By inspecting the page source code and locating the direct-access URLs for your media files. By using software to take screenshots of images or record video content as it streams.

There are additional steps you could take to attempt to thwart these efforts ― such as adding server-level redirects preventing direct access to media files and using javascript to attempt to block other collection efforts. But ultimately, all of these strategies can be circumvented and a user bent on scraping your media assets is going to figure out a way to do so.

In the end, there’s no way to completely protect media files. The moment you let anyone else access them, you’ve given up an element of control over the content. So keep this caveat in mind anytime you upload content to your website ― even password-protecting a post offers only limited protection for your content.

If you absolutely cannot bear to see an image or video stolen and posted in a public forum, don’t upload it to your website.

Wrapping Up

The built-in password protection feature in WordPress makes it easy to provide limited access to a page or post. However, what it doesn’t do is adequately protect the attachment pages for media displayed on a password-protected page or post.

The solution is quite simple. With just a single line of code you can redirect attachment pages to the parent post, and if you don’t want to write (or copy and paste) even a single line of code, Attachment Pages Redirect will do the work for you.

本文开发(php)相关术语:php代码审计工具 php开发工程师 移动开发者大会 移动互联网开发 web开发工程师 软件开发流程 软件开发工程师

主题: WordJavaScriptJavaC#
分页:12
转载请注明
本文标题:How to Hide Media Attachment Pages in WordPress
本站链接:http://www.codesec.net/view/520104.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 开发(php) | 评论(0) | 阅读(53)