MediaWiki extensions manual
Release status: unmaintained
Implementation Hook
Description Protects uploaded files in the images directory from direct linking.
Author(s) Rob
Latest version 1.1
MediaWiki 1.12.0+
License GPL
Download Cut and paste from this page.

You may prefer to use the standard image authorization mechanism provided by MediaWiki. See Bugs for the limitations of this extension. In the access log you may see entries like:

Overview edit

One of our MediaWiki-based research projects requires login to mediaWiki to read article content. It also needs to prevent people who have not logged in from being able to access documents and images that are uploaded into the filesystem accessible though the Image:, and Media: namespaces. This extension addresses the second of these issues.

Bugs edit

  • The extension seems to cause some server load issues with repeated loopback requests which may be malformed - use with caution.

Installation edit

Add this line to your LocalSettings.php:


Copy this code and create a file inside the extensions directory called ImageProtection.php.

 * ImageProtection extension
 * Protects uploaded files in the images directory from direct linking
 * @file
 * @ingroup Extensions
 * @version 1.1
 * @author Rob
 * @link http://www.mediawiki.org/wiki/Extension:ImageProtection Documentation

// Extension credits that will show up on Special:Version
$wgExtensionCredits['other'][] = array(
	'name' => 'ImageProtection',
	'author' => 'Rob',
	'version' => '1.1',
	'url' => 'http://www.mediawiki.org/wiki/Extension:ImageProtection',
	'description' => 'Protects uploaded files in the images directory from direct linking.',

function fnImageAction($output, $article, $title, $user, $request, $wiki) {
	global $wgUploadDirectory;
	if( $request->getText('action') == 'image' && $user->isLoggedIn() ) {


		$image_path = $wgUploadDirectory."/".$request->getText('image');
		preg_match("/.+\/(.+?)$/", $image_path, $result);

		$image = Image::newFromTitle($result[1]);
		if( file_exists($image_path) ) {
			header('Content-Type: '.$image->mime);
		return false;

	return true;

$wgHooks['MediaWikiPerformAction'][] = 'fnImageAction';

Create an .htaccess file inside the images directory in your wiki. Apache will need to have the directive AllowOverride All set for the images directory so it will read and execute the .htaccess file.

.htaccess file:

RewriteEngine On
RewriteRule ^(.*)$ /wiki/index.php?action=image&image=$1 [L] [QSA]

You will need to change or remove /wiki from the RewriteRule depending on the path of your installation.