Hey,
so i host a very tiny wordpress site on my RPI, which is mainly used for private scavenger – QR code hunting. The QR code would point to a post which is password protected and solving a riddle will give away the password. Occassionally i also want to include private pictures to whatever comes after unlocking the password.
Now my question is, how do I secure my private images, so that they can’t be accessed from the internet?
What I already did was the following:
* images are behind password protected posts
* hotlink prevention, noone can access wp-content/uploads/ etc without the referer being my site
* disable attachment pages, all queries with attachment\_id=\* are rewritten to a default page
Is there anything else i can do or I overlooked ? I am aware, that in a rare case, someone could still access my uploads folder by just adding the specific refer attribute, maybe someone has a solution for that?
​
Many thanks in advance
Best Regards