Are you interested in protecting your WordPress media files?
The Internet offers many benefits, including file sharing. In some cases, though, you don’t want to share all your files, especially PDF files.
When using WordPress, you can prevent media files from being shared in ways you don’t want them to be.
Let’s jump right into learning how to protect files on your WordPress site.
Table of contents
You may want to protect your WordPress PDF files, or any other file or folder, for many reasons.
It is always a good idea to protect your original content, digital assets, ideas, inventions, and intellectual work. Your hard-to-produce products and skills shouldn’t be exploited.
In addition, there are some personal and private documents you simply don’t want released.
In terms of protecting and stopping unwanted users from accessing your files, there are many different approaches depending on your needs and circumstances.
Let’s take a look at threee ways you can secure WordPress files.
Did you know that you can password protect WordPress media files without having to install any additional plugins?
It is extremely simple to do, but it does not prevent people from sharing a URL of the file they wish to share.
This is a simple 4 steps process:
It’s over! Users can access the page & files by simply entering the password.
Due to the fact that it is a direct link to your wp-content/uploads, it won’t be very secure. If someone guesses the password to the page or shares the link, your files could be compromised.
How can WordPress restrict access to media files in another way? By limiting access to specific user roles.
Using this method is more complex, but comes in handy if you have a membership or e-commerce site.
If this is the case, you may want to create a member-only section where only your customer or paid member can access your private documents and content.
Using a membership plugin is all that is required.
Among all membership plugins available for WordPress, Ultimate Member is my favorite because of its simple logic and UI.
How to restrict private content access with Ultimate Member:
First of all, you need to create a backup of your .htaccess file.
Then, Open the .htaccess file in the root folder of your WordPress site and edit it with this piece of code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_COOKIE} !.*wordpress_logged_in.*$ [NC]
RewriteCond %{REQUEST_URI} ^(.*?/?)wp-content/uploads/.* [NC]
RewriteRule . http://%{HTTP_HOST}%1/wp-login.php?redirect_to=%{REQUEST_URI} [L,QSA]
</IfModule>
This will prevent the access to wp-content/uploads to users that are not logged.
If you also want to prevent people from hotlinking your media files, scroll to the end of the .htaccess file and add this code:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]
It will prevent sites other than yours, Facebook, Twitter, and Google from accessing your images.
We hope this article has helped you to understand how to use WordPress for private media file management. You might also want to read our tutorial on how to Install an SSL Certificate On Your WordPress Site.
Learn how to manage plugin updates like a pro and save a ton of time!
Learn how to restore WordPress without plugin.
Everything you need to know about WordPress image sizes.