3 Easy Ways to Protect WordPress Media Files

Are you interested in protecting your WordPress media files? 

The Internet offers many benefits, including file sharing. In some cases, though, you don’t want to share all your files, especially PDF files.

When using WordPress, you can prevent media files from being shared in ways you don’t want them to be.

Let’s jump right into learning how to protect files on your WordPress site.

Why You have to Protect Files in WordPress?

You may want to protect your WordPress PDF files, or any other file or folder, for many reasons.

It is always a good idea to protect your original content, digital assets, ideas, inventions, and intellectual work. Your hard-to-produce products and skills shouldn’t be exploited. 

In addition, there are some personal and private documents you simply don’t want released.

In terms of protecting and stopping unwanted users from accessing your files, there are many different approaches depending on your needs and circumstances.

Let’s take a look at threee ways you can secure WordPress files.

Method 1: Use WordPress To Set Passwords On Files

protecting a file with WordPress

Did you know that you can password protect WordPress media files without having to install any additional plugins?

It is extremely simple to do, but it does not prevent people from sharing a URL of the file they wish to share.

This is a simple 4 steps process:

  1. Create a new page or post
  2. Copy/paste the link from your media uploads directory
  3. Change the page or post Visibility to Password protected
  4. Choose a password and click on update.

It’s over! Users can access the page & files by simply entering the password.

Due to the fact that it is a direct link to your wp-content/uploads, it won’t be very secure. If someone guesses the password to the page or shares the link, your files could be compromised.

Method 2: Restrict Private Content Access to Member Only

How can WordPress restrict access to media files in another way? By limiting access to specific user roles.

Using this method is more complex, but comes in handy if you have a membership or e-commerce site.

If this is the case, you may want to create a member-only section where only your customer or paid member can access your private documents and content.

Using a membership plugin is all that is required.

Among all membership plugins available for WordPress, Ultimate Member is my favorite because of its simple logic and UI.  

How to restrict private content access with Ultimate Member:

  1. Install and activate the plugin from WordPress.
  2. Create a new WordPress page/post.
  3. At the bottom of the page, you’ll find “UM Content Restriction” section.
  4. From here, just define who can access this content.

Method 3: Restricting wp-content/uploads Using The .htaccess File

First of all, you need to create a backup of your .htaccess file.

Then, Open the .htaccess file in the root folder of your WordPress site and edit it with this piece of code: 

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_COOKIE} !.*wordpress_logged_in.*$ [NC]
    RewriteCond %{REQUEST_URI} ^(.*?/?)wp-content/uploads/.* [NC]
    RewriteRule . http://%{HTTP_HOST}%1/wp-login.php?redirect_to=%{REQUEST_URI} [L,QSA]

This will prevent the access to wp-content/uploads to users that are not logged.

If you also want to prevent people from hotlinking your media files, scroll to the end of the .htaccess file and add this code:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]

It will prevent sites other than yours, Facebook, Twitter, and Google from accessing your images. 

Final Thoughts

We hope this article has helped you to understand how to use WordPress for private media file management. You might also want to read our tutorial on how to Install an SSL Certificate On Your WordPress Site.