I understand that every item in the media gallery including anything uploaded through Medapress is always accessible (despite the privacy settings) when someone knows the absolute url to the file. Very often you can simply guess the absolute url. That’s the reason why I this plugin (https://wordpress.org/plugins/wp-upload-rename/) to automatically change the name of all uploaded photos and files to a random string. The random string basically works like a password. Without knowing the string you can’t download but you can still successfully she the absolute url if someone needs to download. As I understand it the media library index is hidden to the outside so that it’s almost impossible to download anything if you are not the creator of the media. I think Facebook works similar.
Unfortunately Mediapress media files are not renamed with the above mentioned plugin. It pretty much renames everything, even plugin zips, but doesn’t get to rename Mediapress files. Could you maybe support this or another auto upload rename plugin for better security. That would be awesome!
- Brajesh Singh on August 5, 2016 at 10:02 pm #4951
Thank you for posting.
A few months ago I had posted a tutorial showing how to do it with uploadplus plugin.
The upload rename plugin is new compared to that and I haven’t looked at it.
Please see if this post helps you
Thanks so much, Brajesh! That’s exactly what I was looking for. I tested the upload plus plugin with your custom code and it works great. I still think that the newer “upload rename plugin” is a little better because it is a lot smaller and still supported because it is very new. It also doesn’t change the display title of the file but only the file name. The upload plus plugin is a lot bigger and not supported anymore. Sometimes (eg. on Mediapress) it changes the display title to the random string, which is not very user friendly. Because of the Exif strip functionality it also seems to be destined to probably give some upload errors once in a while. It also doesn’t allow for customization of the random strings. Anyway I have a working solution with upload plus and I could change the string length of 20 in the code itself. Thanks again.
- Brajesh Singh on August 9, 2016 at 1:06 pm #5006
Thank you for the feedback.
Will certainly add tutorials to show compatibility with the new plugin in future. Currently my hands are full, so please use the above approach for now(and you may ping me in 15 days for the new plugin).
Just coming back to you regarding a potential wp_upload_rename tutorial regarding the newer plugin mentioned above (https://wordpress.org/plugins/wp-upload-rename/). Not a matter of urgency, only if you have some time now…
- Brajesh Singh on September 1, 2016 at 2:50 am #5337
I or Ravi will do it this weekend.
Thank you for reminding.
- Brajesh Singh on September 12, 2016 at 12:25 pm #5551
I had a look at the code of this plugin.
At the moment, The plugin lacks in many ways.
1. There is no way to access the created object
2. If you create another object from it, The hooks will rerun because of the constructor
Until the plugin exposes some way to access the created object or avoid resetting up of hooks, I don’t think I should post any code.
If you still want it, Please modify the plugin and add a line below this
add_filter('wp_handle_upload_prefilter', array(&$this, 'rename'));
add_filter('mpp_handle_upload_prefilter', array($this, 'rename'));
That will do it. It’s a bad idea anyway.
Thanks Brajesh! I don’t know how to code so that I can’t judge the plugin’s code. If I understand you correctly it wouldn’t be a good idea to even add the filter in the plugin itself? I understand that it’s not perfect to modify a plugin itself because of the upgradeability and all changes being wiped out after an update. But besides that problem could it cause any issues by applying the filter in the plugin itself?
- Brajesh Singh on September 15, 2016 at 5:39 pm #5642
The plugin is very lightweight and I would have recommended it wholeheartedly if it allowed using it by 3rd party. For now, Please avoid it. May be I will try to send them a pull request on github in future when I have some free time.
You must be logged in to reply to this topic.