Prevent direct requests to attached media resources in private books

Hi there,

Does anyone have a recommendation for a plugin or other measure to prevent direct requests to attached media resources (files in wp-content/uploads/sites) in a book when the book is not public?

It has happened that the content of private books ended up in search engine indexes, often because our users started a book with the default setting public, but later realized that they needed to make it private to prevent unauthorized access. Setting a book to private after it has been filled with content is often too late because crawlers have already discovered and indexed it. And when setting a book’s visibility to private, access medias via direct request, e.g. from a search-result in Bing, on the media-URL still works.

We now have cases where Bing even refuses to remove URLs and cached content of our books from their search index, because they counted many downloads of these PDFs and therefore find them very useful for their customers! Unfortunately, the authors of our content never intended it to be public, and some of it is even legally only allowed to be used within our university, as part of a course.

We found a plugin (PDA Gold) that is a solution, but a very expensive one, because they license per site (which means per book in PB). I would rather imagine a plugin that sets a simple Apache configuration at the site level, e.g. require an authenticated user to access pbbookurl/wp-content/uploads/sites.

Has anyone run into the same problem and solved it, or has a good idea to follow up?