Introduction
This article explains how to restrict direct access to your media files (photos, videos, and documents) on the BuddyBoss Platform to protect your privacy and enhance security. You will learn how to configure media restrictions on Apache, Nginx, and Openlitespeed web servers, ensuring that your files remain accessible only where you intend them to be (e.g., embedded on your website) rather than directly via their URLs.
Apache Web Server
Restrict Media Access on Apache
- In BuddyBoss Platform version 1.7.0 and later, updating your platform automatically adds a .htaccess file to the bb_videos, bb_medias, and bb_documents folders.
- This .htaccess file instructs the Apache web server to display a “Forbidden” error message when someone attempts to access the original media URL, effectively restricting direct access.
- This setup ensures that media files are only visible when they are properly embedded on your website, protecting your privacy.
- Note: Removing the .htaccess file from these folders will allow direct URL access to your media, which is not recommended due to potential privacy and security risks.
Nginx Web Server
Configure Media Restrictions for Nginx
- Update your BuddyBoss Platform to the latest version; you should see an index.html file in the bb_videos, bb_medias, and bb_documents folders.
- Open the Nginx configuration file:
If you manage your server, open the file using Terminal:
$ sudo nano /etc/nginx/nginx.conf
Alternatively, if your site uses virtual hosts (e.g., /etc/nginx/sites-enabled/example.conf), open that file with:
$ sudo nano /etc/nginx/sites-enabled/example.conf
- If you lack direct access, ask your hosting provider to update the configuration.
- Insert the following code blocks into the configuration file to restrict access to the bb_medias, bb_videos and bb_documents folders:
location ~* /wp-content/uploads/bb_medias/ {
    if ( $upstream_http_x_accel_redirect = "" ) {
        return 403;
    }
    internal;
}
location ~* /wp-content/uploads/bb_videos/ {
    if ( $upstream_http_x_accel_redirect = "" ) {
        return 403;
    }
    internal;
}
location ~* /wp-content/uploads/bb_documents/ {
    if ( $upstream_http_x_accel_redirect = "" ) {
        return 403;
    }
    internal;
}
location ~* /wp-content/uploads/bb_medias/ {
    autoindex off;
}
location ~* /wp-content/uploads/bb_videos/ {
    autoindex off;
}
location ~* /wp-content/uploads/bb_documents/ {
    autoindex off;
}
- Save the configuration file and restart Nginx to apply the changes.
Openlitespeed Web Server
Restrict Media Access on Openlitespeed
- In your Openlitespeed configuration, set Auto Load from .htaccess to “Yes”.
Restart the Openlitespeed service by running:
$ sudo /usr/local/lsws/bin/lswsctrl restart
- Alternatively, use the control panel if available.
- Delete any existing .htaccess files from the following folders:
- wp-content/uploads/bb_medias/.htaccess
- wp-content/uploads/bb_documents/.htaccess
- wp-content/uploads/bb_videos/.htaccess
- Refresh your WordPress admin dashboard to verify that new .htaccess files are automatically generated in these folders.
- Restart Openlitespeed again to ensure the new restrictions are applied.
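To check the setup described in the three sections above, the following added example (not BuddyBoss code) audits a site for the guard files and for the Nginx restriction blocks. The function names are hypothetical, the checks only confirm that a guard file or an `internal;` block is present (not what else it contains), and the Nginx check assumes the opening brace sits on the `location` line as in the snippet above.

```shell
#!/usr/bin/env bash
# Added example (not BuddyBoss code): audit the media restrictions described above.
# Folder names and paths come from the page; function names are hypothetical.
BB_FOLDERS="bb_medias bb_videos bb_documents"

# audit_guard_files <wordpress-root> <guard-file>
# guard-file is .htaccess (Apache/Openlitespeed) or index.html (Nginx).
# Returns the number of existing media folders that lack the guard file.
audit_guard_files() {
    gf_root=$1; gf_guard=$2; gf_missing=0
    for gf_folder in $BB_FOLDERS; do
        gf_dir="$gf_root/wp-content/uploads/$gf_folder"
        if [ ! -d "$gf_dir" ]; then
            echo "SKIP    $gf_dir (folder not present)"
        elif [ -f "$gf_dir/$gf_guard" ]; then
            echo "OK      $gf_dir/$gf_guard"
        else
            echo "MISSING $gf_dir/$gf_guard"
            gf_missing=$((gf_missing + 1))
        fi
    done
    return "$gf_missing"
}

# audit_nginx_conf <config-file>
# Returns the number of folders with no location block that contains "internal;".
# Assumes the opening brace is on the "location" line, as in the page's snippet.
audit_nginx_conf() {
    nc_conf=$1; nc_missing=0
    for nc_folder in $BB_FOLDERS; do
        if awk -v f="/wp-content/uploads/$nc_folder/" '
            $1 == "location" && index($0, f) { inblk = 1; depth = 0 }
            inblk {
                depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")   # track nesting
                if ($1 == "internal;") found = 1
                if (depth <= 0) inblk = 0                      # block closed
            }
            END { exit !found }' "$nc_conf"; then
            echo "OK      $nc_folder restricted in $nc_conf"
        else
            echo "MISSING $nc_folder restriction in $nc_conf"
            nc_missing=$((nc_missing + 1))
        fi
    done
    return "$nc_missing"
}
```

Source the file and run, for example, `audit_guard_files /path/to/wordpress .htaccess` or `audit_nginx_conf /etc/nginx/sites-enabled/example.conf`; a non-zero return status is the number of folders that still need attention.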
Troubleshooting and FAQs
Q: What happens if I remove the .htaccess file from the Apache folders?
A: Removing the .htaccess file will allow direct access to your media files via their URLs, potentially leading to privacy and security issues.
Q: How can I verify that media restrictions are working on Nginx?
A: After updating the configuration and restarting Nginx, try accessing a media URL directly. A 403 error should appear, indicating that the access restriction is active.
Q: Why aren’t media files showing in the WordPress Media Library on Openlitespeed?
A: Media files uploaded from the BuddyBoss Platform frontend are intentionally hidden in the Media Library to maintain privacy, as public access via the WP media URL contradicts the restricted access settings.
Q: What should I do if I revert to an earlier version of the BuddyBoss Platform?
A:
- For Apache: Delete the .htaccess file from the wp-content/uploads/bb_medias folder to restore the previous media display, while document and video restrictions will remain intact.
- For Nginx: Remove the restriction code for bb_medias from the configuration file while keeping the document and video restrictions.