I am using the following to prevent unauthorized access to files. (This is an .htaccess question, but may also require familiarity with WP Jetpack)
RewriteRule ^wp-content/uploads/archive/(.*)$ /wp-content/plugins/paid-memberships-pro/services/getfile.php [L]
It redirects request for files through a module that checks to see if the requestor has access.
The problem is that a specific requestor, WordPress Jetpack is locked out and I want to let them in to generate thumbnail images.
If you are familiar with WordPress Jetpack, you know it generates image thumbnails such as http://i0.wp.com/www.example.com/wp-content/uploads/archive/2015/10/SH3_2173.jpg
To solve this, I assume I need two pieces of information:
- How to identify when Jetpack is the one making the request (perhaps it is identified as coming from the wp.com domain?)
- How to exclude a specific entity (e.g. wp.com) from the above RewriteRule
Part 1 is really a WP Jetpack question, and part 2 is an .htaccess question; so not sure the best place to post this, but I felt keeping them together would be helpful for context.
I solved it with this:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} !Photon.+ [NC]
RewriteRule ^wp-content/uploads/(.*)$ /wp-content/plugins/paid-memberships-pro/services/getfile.php [L]