[WordPress] 外掛分享: Folio Gatehouse

首頁外掛目錄 › Folio Gatehouse
WordPress 外掛 Folio Gatehouse 的封面圖片
全新外掛
安裝啟用
尚無評分
28 天前
最後更新
問題解決
WordPress 5.8+ PHP 7.4+ v1.1.8 上架:2026-06-18

外掛標籤

開發者團隊

⬇ 下載最新版 (v1.1.8) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「Folio Gatehouse」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

Folio Gatehouse lets you protect files inside your uploads directory by restricting access to specific WordPress user roles. Files are served through PHP — the web server never delivers them directly — so direct URL access is blocked regardless of link sharing.
Key features:

Zone-based protection — define named zones (subfolders inside your uploads directory) and assign allowed roles to each
Custom denial screens — create HTML pages shown to blocked users, with full control over styling and messaging; separate screens for anonymous and logged-in users
Redirect on denial — optionally redirect denied users to any URL (e.g. a sales page or membership signup) instead of showing a denial screen
Login redirect shortcode — [rbfa_login_link] inserts a secure login link that returns the user to the originally-requested file after authentication, using an opaque token so no file path is exposed in the URL
Zone virtual pages — each zone automatically gets a front-end page at /protected-zone/{slug}/ with customisable title and body content, rendered inside your active theme
Browsable file listing — [rbfa_files] shortcode renders a collapsible, downloadable file listing for authorised users, with per-directory file counts, sizes, and ZIP download buttons
Access logging — every request is logged with timestamp, username, IP, file path, and status; filterable, sortable, and exportable as CSV
Role management — create and manage custom WordPress roles (fgh_ prefix) directly from the plugin, with searchable member management
.htaccess integrity — automatically writes and repairs rewrite rules across all protected directories; optional hourly cron
NGINX support — dedicated tab generates ready-to-copy location blocks when NGINX is detected
Export / Import — back up and transfer zones, roles, denial screens, and settings as a JSON file; conflict resolution on import

Security

Files served through PHP (readfile) — web server never delivers protected files directly
Path traversal blocked by realpath() boundary check before any file is served
Login redirect tokens are opaque — no file path, role, or zone information in the URL
Denial screen HTML filtered through a strict wp_kses allowlist on save and read-back
CSRF protection on every form via WordPress nonces
All ORDER BY clauses use a server-side whitelist to prevent SQL injection

Requirements

Apache with mod_rewrite enabled, or NGINX (with manual server block configuration — see the NGINX Config tab)

延伸相關外掛

文章
Filter
Mastodon