Client Portal and GridPane


If you’re using the Client Portal plugin, you’ll see a message in your dashboard that says:

Because your server is running on Nginx, we cannot use the .htaccess file to protect your private files.
Please add the following rules to your Nginx config to disable direct file access:

location ~ ^/wp-content/uploads/leco-cp/(.*)$ { rewrite / permanent; }

You can usually ask your hosting service to help you with it. If you’re pretty sure the rules have been added, you can dismiss this message.

In our testing, the above code didn’t actually work as intended. It will return a 403 for the filepath above, but any private files inside /leco-cp/ will still be accessible when not logged in. We’ve modified it to only allow access to private files when logged into the website, and we’ve also reached out to the plugin author with our findings.

UPDATE: The above code is now their most recent updated recommendation. We had a brief correspondence with their team a while back but haven’t tested this yet. For now, we still recommend you use our code below.

The steps below walk you through how to add this to your server.

Step 1. SSH into your server:

Please see the following articles to get started:

Generate your SSH Key:

Generate SSH Key on Mac

Generate SSH Key on Windows with Putty

Generate SSH Key on Windows with Windows Subsystem for Linux

Generate SSH Key on Windows with Windows CMD/PowerShell

Add your SSH Key to GridPane:

Add default SSH Keys

Add/Remove an SSH Key to/from an Active GridPane Server

Connect to your server:

Connect to a GridPane server by SSH as Root user.

Step 2. Create a config for Client Portal

We’ll be creating a file called “clientportal-main-context.conf”. Run the following command switching out “site.url” for your website’s domain:

nano /var/www/site.url/nginx/clientportal-main-context.conf

Paste the following [modified] code into the file:

location ~* ^/wp-content/uploads/leco-cp/.*$ {
    rewrite / permanent;
    allow 127.0.0.1;
    deny all;
    return 403;
}

The above code ensures that when logged in, private files can be downloaded.
When not logged in, it will return a 403 forbidden error.

Press Ctrl+O and then Enter to save the file, then Ctrl+X to exit nano.

We now need to test our nginx syntax with:

nginx -t

If there are no errors present, reload nginx with the following command:

gp ngx reload

Your Client Portal setup is now complete!
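
To confirm that a logged-out visitor really gets a 403 for a private file, you can request one directly without any cookies. The script below is an added example, not code from GridPane or the plugin author; the script name, the function names, the use of HTTPS and the file name in the usage line are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example: check whether a file under /wp-content/uploads/leco-cp/
# is served to a visitor who is not logged in (no cookies are sent).
# Usage (both arguments are placeholders for your own values):
#   sh check-leco-cp.sh site.url example-upload.pdf

# Build the direct URL for a file inside the protected uploads folder.
build_url() {
    # $1 = domain, $2 = path relative to leco-cp/ (leading slash optional)
    printf 'https://%s/wp-content/uploads/leco-cp/%s\n' "$1" "${2#/}"
}

# Turn the HTTP status of an anonymous request into a verdict.
classify_status() {
    case "$1" in
        403) echo "blocked" ;;   # what the rule is meant to return
        2??) echo "exposed" ;;   # file body was served without a login
        3??) echo "redirect" ;;  # inconclusive: inspect the Location target
        404) echo "missing" ;;   # inconclusive: wrong path or no such file
        *)   echo "unknown" ;;   # 000 = no HTTP response (DNS, TLS, timeout)
    esac
}

# Request the file with no cookies or credentials and report the result.
# Returns 0 only when the request was blocked.
check_private_file() {
    cp_url=$(build_url "$1" "$2")
    cp_code=$(curl --silent --output /dev/null --max-time 10 \
        --write-out '%{http_code}' "$cp_url") || cp_code=000
    cp_verdict=$(classify_status "$cp_code")
    printf '%s %s %s\n' "$cp_code" "$cp_verdict" "$cp_url"
    [ "$cp_verdict" = "blocked" ]
}

# Run the check only when a domain and a file path were supplied.
if [ "$#" -ge 2 ]; then
    check_private_file "$1" "$2"
fi
```

Run it from a machine other than the server itself, because the rule contains allow 127.0.0.1. Use the path of a file you actually uploaded through Client Portal, otherwise the result will be "missing" rather than a meaningful verdict.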