I understand that every item in the media gallery including anything uploaded through Medapress is always accessible (despite the privacy settings) when someone knows the absolute url to the file. Very often you can simply guess the absolute url. That’s the reason why I this plugin (https://wordpress.org/plugins/wp-upload-rename/) to automatically change the name of all uploaded photos and files to a random string. The random string basically works like a password. Without knowing the string you can’t download but you can still successfully she the absolute url if someone needs to download. As I understand it the media library index is hidden to the outside so that it’s almost impossible to download anything if you are not the creator of the media. I think Facebook works similar.
Unfortunately Mediapress media files are not renamed with the above mentioned plugin. It pretty much renames everything, even plugin zips, but doesn’t get to rename Mediapress files. Could you maybe support this or another auto upload rename plugin for better security. That would be awesome!
Thank you for posting.
A few months ago I had posted a tutorial showing how to do it with uploadplus plugin.
The upload rename plugin is new compared to that and I haven’t looked at it.
Please see if this post helps you
Thanks so much, Brajesh! That’s exactly what I was looking for. I tested the upload plus plugin with your custom code and it works great. I still think that the newer “upload rename plugin” is a little better because it is a lot smaller and still supported because it is very new. It also doesn’t change the display title of the file but only the file name. The upload plus plugin is a lot bigger and not supported anymore. Sometimes (eg. on Mediapress) it changes the display title to the random string, which is not very user friendly. Because of the Exif strip functionality it also seems to be destined to probably give some upload errors once in a while. It also doesn’t allow for customization of the random strings. Anyway I have a working solution with upload plus and I could change the string length of 20 in the code itself. Thanks again.
I had a look at the code of this plugin.
At the moment, The plugin lacks in many ways.
1. There is no way to access the created object
2. If you create another object from it, The hooks will rerun because of the constructor
Until the plugin exposes some way to access the created object or avoid resetting up of hooks, I don’t think I should post any code.
If you still want it, Please modify the plugin and add a line below this
add_filter('wp_handle_upload_prefilter', array(&$this, 'rename'));
add_filter('mpp_handle_upload_prefilter', array($this, 'rename'));
That will do it. It’s a bad idea anyway.
Thanks Brajesh! I don’t know how to code so that I can’t judge the plugin’s code. If I understand you correctly it wouldn’t be a good idea to even add the filter in the plugin itself? I understand that it’s not perfect to modify a plugin itself because of the upgradeability and all changes being wiped out after an update. But besides that problem could it cause any issues by applying the filter in the plugin itself?
You must be logged in to reply to this topic.