Photography and Kirby CMS

Kirby has no concept of private files

About a month ago, I began converting my website from Statamic to Kirby. Toward the end of the project, I encountered an issue that almost forced me to drop Kirby entirely.

Photos that are meant to be private (to use for generating public images, in my case) are not safe if you upload them in their original state. If someone removes the size parameter from the image's URL, Kirby will copy your original photo to the public folder for them. 🙄

I figured I had to be doing something wrong, so I tested this on other Kirby-based websites. Turns out, I'm not the only one this happens to, but I'm apparently the only one who is aware of it (or at least considers it an issue).

I visited the website of a photographer (someone who would definitely want to protect their original photos), opened one of their photos in a separate tab, removed the size parameter from the URL, and...

I got the original photo. Original size, EXIF data, everything.

If I were the wrong person, I could easily take this photo and claim it as my own. If it's a photo of your cat, I now know where you live. Not cool.

As much as I dislike Statamic, they handle files the correct way. Statamic allows you to keep your original files private, and generated images are served in a separate location and with URLs that cannot be manipulated.

But I wasn't going to return to Statamic.

My solution

Although not perfect, I've put together a plugin that will mostly mitigate this issue.

When this plugin is installed, any photo uploaded or replaced with a specified template will have its EXIF data stripped and moved to its content file, and then resized to the specified maximum size and quality necessary for displaying on the website.

With the EXIF data moved to the content file, you can continue using it with the ability to publicize only the data you want. You can choose not to display the location of any photos taken from home, for example.

There is an unintended benefit of doing it this way. Your photos will take up much less space on the server. This is especially useful if you keep your photos in Git.

Why not do this during the export workflow?

Not all of my photos will go through an editor. And for the little things, going through an export is an unnecessary extra step.

It's much easier for me to upload straight from my iPhone or iPad, and have the server do the work of generating the proper sizes, as you would expect it to.

How to install and use this plugin

Clone the repo to your plugins directory.

To change the default settings, add the following to your config file. (without return[];)

return [
  'chancearthur.exifAndResize.template' => 'photo',
  'chancearthur.exifAndResize.maxSize'  => 1024,
  'chancearthur.exifAndResize.quality'  => 100,

If you're okay with the default settings, you don't need to do anything. Any photo uploaded or replaced will be processed.

Issues you may run into

As with most of the repos I publish, I built this for my particular use-case. That means:

  • All images are resized, regardless of template.

  • Images are resized by longest edge.

  • I have no need to specify anything other than size and quality.


I'm not a PHP expert. There are a few nice-to-haves that aren't implemented yet. Any help would be appreciated.

  • Check for the existence of EXIF instead of checking for a file template

  • Don't write "null" to the content file if there isn't any location data