I'd like to interfere htaccess redirect url to check if a visitor to that url has logged-in to wordpress or not. If not logged-in redirect to wordpress login page via htaccess.
I've already tried below codes. First one is in public-html folder and the second one into resources/ folder.
1)
Redirect 301 /resources https://external.com/directdownload-
2)
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} ^.*(mp3|m4a|pdf|doc|xlsx|docx|xls)$
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule (.*) http://example.com/wp-login.php
The redirection is okay. But visitors outside of wordpress still able to access those links and download the file. How can i prevent them and put a mediator?