Introduction
Media permissions in the BuddyBoss Platform protect your privacy by preventing direct access to uploaded files such as photos, videos, and documents. Instead of being accessible through raw URLs, files remain available only when properly embedded in your site.
This article explains how to configure media restrictions for Apache, Nginx, and OpenLiteSpeed servers to ensure your files are secure.
Restrict Media Access on Apache
- In BuddyBoss Platform version 1.7.0 and later, updating your platform automatically adds a .htaccess file to the bb_videos, bb_medias, and bb_documents folders.
- This .htaccess file instructs the Apache web server to display a “Forbidden” error message when someone attempts to access the original media URL, effectively restricting direct access.
- This setup ensures that media files are only visible when they are properly embedded on your website, protecting your privacy.
- Note: Removing the .htaccess file from these folders will allow direct URL access to your media, which is not recommended due to potential privacy and security risks.
Configure Media Restrictions on Nginx
- Update your BuddyBoss Platform to the latest version; you should see an index.html file in the bb_videos, bb_medias, and bb_documents folders.
- Open the Nginx configuration file:
If you manage your server, open the file using Terminal:
$ sudo nano /etc/nginx/nginx.conf
Alternatively, if your site uses virtual hosts (e.g., /etc/nginx/sites-enabled/example.conf), open that file with:
$ sudo nano /etc/nginx/sites-enabled/example.conf
- If you lack direct access, ask your hosting provider to update the configuration.
- Insert the following code blocks into the configuration file to restrict access to the bb_medias, bb_videos, and bb_documents folders.
location ~* /wp-content/uploads/bb_medias/ {
    if ( $upstream_http_x_accel_redirect = "" ) {
        return 403;
    }
    internal;
}
location ~* /wp-content/uploads/bb_videos/ {
    if ( $upstream_http_x_accel_redirect = "" ) {
        return 403;
    }
    internal;
}
location ~* /wp-content/uploads/bb_documents/ {
    if ( $upstream_http_x_accel_redirect = "" ) {
        return 403;
    }
    internal;
}
location ~* /wp-content/uploads/bb_medias/ {
    autoindex off;
}
location ~* /wp-content/uploads/bb_videos/ {
    autoindex off;
}
location ~* /wp-content/uploads/bb_documents/ {
    autoindex off;
}
- Save the configuration file and restart Nginx to apply the changes.
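To confirm that a configuration file still covers all three folders after an edit or a version rollback, the following added example (not part of BuddyBoss or of the original article) audits it offline. It assumes the location lines contain the literal upload paths shown above and treats a folder as restricted only when one of its blocks contains `internal;` or `return 403;`; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not BuddyBoss code. Assumption: a folder counts as restricted
# only if one of its location blocks contains `internal;` or `return 403;`.

# audit_media_locations FILE: prints "<folder> restricted|MISSING" per folder
# and returns non-zero if any folder has no restricting block ("-" = stdin).
audit_media_locations() {
    awk '
    BEGIN { n = split("bb_medias bb_videos bb_documents", want, " ") }
    {
        sub(/#.*/, "")                              # ignore comments
        if (cur == "" && $1 == "location")          # entering a location block?
            for (i = 1; i <= n; i++)
                if (index($0, "/wp-content/uploads/" want[i] "/")) {
                    cur = want[i]; base = depth; opened = 0
                }
        if (cur != "" && (" " $0) ~ /[ \t{;](internal|return[ \t]+403)[ \t]*;/)
            ok[cur] = 1
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")   # track brace nesting
        if (depth > base) opened = 1
        if (cur != "" && opened && depth <= base) cur = ""   # block closed
    }
    END {
        for (i = 1; i <= n; i++) {
            if (ok[want[i]]) { print want[i], "restricted" }
            else { print want[i], "MISSING"; bad = 1 }
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: bb_documents has only autoindex off (no listing, no deny).
sample_conf() {
    cat <<'EOF'
location ~* /wp-content/uploads/bb_medias/ {
    if ( $upstream_http_x_accel_redirect = "" ) {
        return 403;
    }
    internal;
}
location ~* /wp-content/uploads/bb_videos/ {
    internal;   # constructed variation
}
location ~* /wp-content/uploads/bb_documents/ {
    autoindex off;
}
EOF
}

sample_conf | audit_media_locations - || echo "unrestricted folder found"
```

On a live server, run it against the merged configuration, for example the output of `nginx -T` saved to a file, so that included virtual-host files are covered.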
Restrict Media Access on OpenLiteSpeed
- In your OpenLiteSpeed configuration, set Auto Load from .htaccess to “Yes”.
Restart the OpenLiteSpeed service by running:
$ sudo /usr/local/lsws/bin/lswsctrl restart
- Alternatively, restart it from the control panel if available.
- Delete any existing .htaccess files from the following folders:
  - wp-content/uploads/bb_medias/.htaccess
  - wp-content/uploads/bb_documents/.htaccess
  - wp-content/uploads/bb_videos/.htaccess
- Refresh your WordPress admin dashboard to verify that new .htaccess files are automatically generated in these folders.
- Restart OpenLiteSpeed again to ensure the new restrictions are applied.
Troubleshooting and FAQs
Q: What happens if I remove the .htaccess file from the Apache folders?
A: Removing the .htaccess file will allow direct access to your media files via their URLs, potentially leading to privacy and security issues.
Q: How can I verify that media restrictions are working on Nginx?
A: After updating the configuration and restarting Nginx, try accessing a media URL directly. A 403 error should appear, indicating that the access restriction is active.
Q: Why aren’t media files showing in the WordPress Media Library on OpenLiteSpeed?
A: Media files uploaded from the BuddyBoss Platform frontend are intentionally hidden in the Media Library to maintain privacy, as public access via the WP media URL contradicts the restricted access settings.
Q: What should I do if I revert to an earlier version of the BuddyBoss Platform?
A:
- For Apache: Delete the .htaccess file from the wp-content/uploads/bb_medias folder to restore the previous media display, while document and video restrictions will remain intact.
- For Nginx: Remove the restriction code for bb_medias from the configuration file while keeping the document and video restrictions.