I want to allow admins to upload attachment to a particular post type via ACF.
The post type is private and the file uploaded would consist mainly in PDF files, doc files and some images. Such files should be accessible only by admins, either from backend, by url or (in future) by a restricted frontend area.
There’s a problem though. Files uploaded with the media uploader are all made public to crawlers that look for media in content/uploads. Configuring a robots.txt to disallow crawling for specific files is not going to help (besides some files are images and I want normal images to be indexed). I don’t want google, crawlers or unauthorized humans to access to files attached to these specific posts.
My server runs on nginx and therefore htaccess tweaks are not possible. I’m not sure about nginx.
Do you have any advice for what I’d like to do?
I just thought of a possible workaround, which might not be fit for every need but it’d suit any installation, regardless if one is using nginx, apache, etc:
an ACF file upload field / file manager that uploads files to a GoogleDrive, Dropbox or other cloud storage directory via WordPress but without using the Media Uploader, thus not uploading said file in /wp-content/uploads folder.
However it should give a mean to retrieve the file by an admin or someone with proper rights from frontend or wpadmin
Thanks for all the information. It seems like your requirements are a bit too custom for the standard ACF functionality.
Perhaps you could think about writing a new field type that uploads the image to somewhere else? This way you could have full control over the functionality.
You will find articles and a starter kit on the resources page
Yes after some thought I do have plans to write a custom field to upload/link files to cloud storages. It probably won’t take little time, but I think it might be useful. When it’ll be ready I’ll release it on Github and notify you and the community.