Restricting Access to a Folder Using .htaccess
If you want to restrict access to a specific folder on your WordPress site, such as uploads/PrivateFolder, you can modify the .htaccess file so that only logged-in users can access its contents: requests that arrive without a WordPress login cookie are redirected to the login page.
This method is useful for protecting private files, such as restricted documents or media uploads accessible only by registered users.
Editing the .htaccess File
Open the .htaccess file located in the root of your WordPress installation and add the following code just after the # BEGIN WordPress line:
# BEGIN WordPress
<IfModule mod_rewrite.c>
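# Allow symlinks to be followed (per-directory rewrites require this)
Options +FollowSymLinks
# Enable auto-generated directory listings for folders without an index file
Options +Indexes
RewriteEngine On
RewriteBase /
# Requests whose path contains uploads/PrivateFolder/ ...
RewriteCond %{REQUEST_URI} ^.*uploads/PrivateFolder/.*
# ... and whose Cookie header does not contain "wordpress_logged_in" (case-insensitive) ...
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
# ... are redirected to the login page, which sends the user back afterwards
RewriteRule . /wp-login.php?redirect_to=%{REQUEST_URI} [R,L]
RewriteRule ^index\.php$ - [L]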
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
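To check which requests the two RewriteCond lines actually catch, the following added example (not part of the original guide) models the redirect rule in Python and runs it over constructed requests. The function names, sample URIs and cookie values are assumptions; the later WordPress rules are treated as "pass". It shows that the cookie condition is a string match on the Cookie header, not a session check.

```python
import re

# The two RewriteCond patterns, copied verbatim from the .htaccess block.
URI_COND = re.compile(r"^.*uploads/PrivateFolder/.*")
COOKIE_COND = re.compile(r"^.*wordpress_logged_in.*$", re.IGNORECASE)  # [NC]

PRIVATE = "/wp-content/uploads/PrivateFolder/report.pdf"  # constructed path


def evaluate(request_uri, cookie_header=""):
    """Return ("redirect", location) or ("pass", None) for one request.

    Simplified model (assumption): only the first RewriteRule and its
    two conditions are evaluated; everything else counts as "pass".
    """
    # RewriteRule "." needs a non-empty path relative to the site root.
    if request_uri.lstrip("/") == "":
        return ("pass", None)
    in_private = URI_COND.search(request_uri) is not None
    # The leading "!" negates the match: true when the string is absent.
    lacks_cookie = COOKIE_COND.search(cookie_header) is None
    if in_private and lacks_cookie:
        return ("redirect", "/wp-login.php?redirect_to=" + request_uri)
    return ("pass", None)


# Constructed sample requests: (request URI, Cookie header).
SAMPLES = [
    (PRIVATE, ""),                                    # anonymous visitor
    (PRIVATE, "wordpress_logged_in_0123abcd=alice"),  # login cookie present
    (PRIVATE, "wp-settings-1=x; WORDPRESS_LOGGED_IN_q=1"),  # name only, [NC]
    ("/wp-content/uploads/2024/01/logo.png", ""),     # outside the folder
    ("/", ""),                                        # site root
]


def run_samples():
    """Evaluate every sample and return the list of decisions."""
    return [evaluate(uri, cookie)[0] for uri, cookie in SAMPLES]


if __name__ == "__main__":
    for (uri, cookie), decision in zip(SAMPLES, run_samples()):
        print(f"{decision:8} {uri}  Cookie: {cookie!r}")
```

The third sample passes because the rule inspects only the cookie name and never its value, so Apache is not validating a WordPress session here.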
Warning: Possible 500 Error
Adding these rules may trigger a 500 Internal Server Error if the server doesn't support certain directives. To prevent this, make sure to include the following lines before the <IfModule mod_rewrite.c> section:
Options +FollowSymLinks
Options +Indexes
Reference
For more information, refer to this external guide: Attachments visible only to registered users