Skip to content

As a photographer, your images are your livelihood. Sharing your work online is essential, but it also opens up the risk of unauthorized access or misuse of the high-resolution or non-watermarked files. Sunshine Photo Cart is here to support you with additional features to keep your images safe.

In our latest update, we’re thrilled to introduce .htaccess file protection, specially designed to secure your full-resolution images. This feature was previously only available to those using the Digital Downloads add-on but is now part of the core, free plugin for everyone.

This addition prevents direct access to these valuable files, making sure they’re only viewable in the thumbnail and large preview image sizes you need to share for an effective client gallery. On top of that, new file naming conventions have been implemented that make it impossible for someone to find the high-res versions of your photos.

These features aren’t just about peace of mind—they’re about protecting your art and the business you’ve built around it. Here’s a closer look at how these enhancements work and what they mean for you and your clients.

How uploading images in WordPress (and Sunshine Photo Cart) works

When images are uploaded to WordPress (and Sunshine Photo Cart), multiple "intermediate" image sizes are created for that image. There could be any number of intermediate image sizes based on the theme and plugins you are using.

For Sunshine Photo Cart client galleries, it will build just two separate versions for every upload: "thumbnail" and "large" sizes and also have a copy of the original uploaded file. It is always recommended that you upload images larger than the "large" size so other image protection features like watermarks can be applied to the intermediate sizes as needed while leaving the original untouched for digital downloads or image regeneration should you want to make various changes in the future.

The default file naming for these goes like this:

  • Original, full resolution image: filename.jpg
  • Large image: filename-800x600.jpg (numbers are determined by your size settings)
  • Thumbnail image: filename-400x300.jpg (numbers are determined by your size settings)

You could have a URL to an image like this: https://yourdomain.com/wp-content/sunshine/456/filename-800x600.jpg

Image file name protections

If someone were to look at the source code and recognize this pattern, they could guess the original image file name by removing the "-800x600" part of the file name and would have access to the full resolution, non-watermarked image. This is not ideal.

To fix this issue, now every single image (and their intermediate image sizes) have completely unique file names. Now they will look like this:

  • Original, full resolution image: filename-bXsnduNVObJyhUGceMsbSIrH.jpg
  • Large image: filename-fNRwwGVrFxAhHv6MoN23EDXU-800x600.jpg
  • Thumbnail image: filename-qZK1cmDQXQuJ8DcYB8xjla1N-400x300.jpg

Even if a person tried the image file guessing technique, they would never be able to find the proper match since each image is 100% random, unique file naming.

If you offer digital downloads, the file names given to users will not include these random strings and will look like normal file names to reduce confusion.

.htaccess file protections

Theoretically someone could still determine the exact file name and have access so the above is not 100% secure. To go one step further, the .htaccess server level file protection has been moved from being in the Digital Downloads add-on to being in the core plugin and available to all users.

An .htaccess file is used to create rules about how your web server should handle files on a per directory basis. It is also what core WordPress uses to make those pretty permalinks possible. Sunshine Photo Cart creates an .htaccess file which prevents direct access to any full resolution image URL on your website, effectively blocking anyone who tries to enter the full resolution image URL.

Image security for all client photo galleries

Protecting images in client galleries has always been a priority for Sunshine Photo Cart. With these new security features, we’re staying ahead of the curve, tackling the latest challenges photographers face in a digital world. Sunshine Photo Cart remains committed to providing photographers with peace of mind and the confidence that their work is safe, secure, and shared on their terms.

Derek Ashauer
Derek Ashauer, developer of the Sunshine Photo Cart WordPress plugin, has dedicated over 10 years to developing and supporting this effective tool for photographers. His expertise in the WordPress platform extends beyond this plugin with over 15 years of experience in building client sites. Derek's work centers on enhancing the functionality and profitability of client galleries for photographers, showcasing his commitment to supporting their business growth.