How to Restrict WordPress Media Files Access to Specific User Roles

By Updated: October 1, 2019 3

If you’re running an online business selling courses or information products, you’ll want to build some private areas where only your customers or subscribers can access premium content and digital product files. Password and membership protection prove useful in these cases.

However, there is a serious loophole in these protection methods that often result in your digital product files being leaked out.

In this article, we’re going to show you the right way to protect both your WordPress content and digital products without any technical knowledge.

Why you should protect WordPress media files

Did you know that even though your website content is protected with a password or membership plugin, the media attachments embedded in those pages are still accessible to anyone who has direct links to those files?

Restrict WordPress Media Files

That’s because password and membership plugins don’t protect your file uploads – they’re designed to protect content instead, such as pages, posts or products. As a consequence, if someone shares these file URLs on other forums and social platforms, others will be able to access them without having to purchase membership or log into your website.

Even worse, these private documents, videos, and images – just like your content – could be indexed by Google or other search engines. So people can just find and access them directly through some simple search with the right keywords.

If you’re selling courses or digital products then this puts you at risk of losing all your efforts, digital product files, and a lot of money…

How to protect WordPress media attachments

The Prevent Direct Access (PDA) Gold plugin provides many different ways to protect your WordPress media files. You can protect new file uploads automatically or on the fly under the WordPress media library. Alternatively, you can protect some specific files when editing a page or post. Instead of protecting each file individually, you can select and protect multiple files simultaneously using WordPress bulk actions under Media list view.

Protect WordPress files

Most importantly, PDA Gold enables you to protect your media files to specific user roles. That’s when “File Access Permission” comes into play.

File Access Permission

File access permission
File Access Permission (FAP) allows you to select certain user roles who can access your private protected files directly. There is global FAP which applies the permissions to all files by default. What’s more, you can set individual FAP with Access Restriction extension. In other words, different files can be made accessible to different user roles.

While most of the options are self-explanatory, you may wonder when to use the “Anyone” and “No one” options:

  • Anyone option allows everyone to access your private files while stopping Google or other search engines from indexing them. This comes in useful when you want those files to be directly accessed through your website links and not through search results.
  • No one option literally stops everyone from accessing your protected files directly through their file URLs. In return, PDA Gold plugin gives you the power to create as many private download links as needed. This helps you share your protected files with some specific groups of users. And at the same time, you can track and restrict its usage by time or click.

How to protect both WordPress content and file attachments

The most bulletproof way to secure your WordPress content is to protect both your content and media attachments altogether.

Password Protected Categories is one of the best WordPress password protection plugins. It allows you to protect an entire category including its sub-categories and all posts under that category, with a single password. You can also restrict entire categories so that they’re only visible to logged-in users with access to private content. (This is Admins and Editors by default, but you can easily change this.)

If you’re running a WooCommerce store, then WooCommerce Protected Categories plugin will come in handy. Similar to Password Protected Categories, it enables you to restrict access to certain products and WooCommerce categories. Only specific logged in users or roles can see and buy those hidden products.

Now, let’s learn how to integrate Prevent Direct Access Gold with Password Protected Categories and WooCommerce Protected Categories. It’s the perfect combination to protect both WordPress categories and media file attachments on these posts/products.

Using Prevent Direct Access with Password Protected Categories

Password Protected Categories allows you to create private, together with password-protected categories, which integrates nicely with Prevent Direct Access Gold. While the plugin restricts the private category to admins and editors by default, you can customize the user role access so that the content restriction works perfectly with the File Access Permission.

Password Protected Categories
Create hidden areas for your WordPress blog posts, portfolios, courses & more.

Using Prevent Direct Access with WooCommerce Protected Categories

Follow these simple steps to protect a WooCommerce category. You can protect as many categories as you’d like to while leaving the rest accessible to the public:

  1. Visibility options in WooCommerce Protected Categories plugin.
    Go to Product Categories under Products.
  2. Add a new category or edit an existing one.
  3. Under the ‘Visibility’ section above the ‘Add New Category’ button, select ‘Protected’.
  4. Set a password and/or select user roles or specific users who can access the product.
  5. In the WordPress Media Library List view, protect your attachment file and then click on ‘Configure File Protection’.
  6. Select the ‘File Access Permission’ tab and choose the same user roles as per step 4.
WooCommerce Protected Categories
Start hiding areas of your WooCommerce store today.

Conclusion

Password Protected Categories and WooCommerce Protected Categories are the top WordPress security plugins. They work seamlessly with Prevent Direct Access Gold. It’s the perfect way to protect both your content and WordPress private files to specific user roles.

Now, you can not only protect your private attachment files against Google and unwanted users. Simply by logging into their user account, your visitors can unlock both your attachments and protected media library files, as well as content.

Do you have any questions on how to password protect your website content and attachment files in WordPress? Please let us know in the comments section below.

Katie Keith

An active member of the global WordPress community, Barn2 Co-Founder Katie loves collaborating with other plugin companies. Her articles have been published on high profile sites including WPTavern, Torque and IndieHackers. She oversees all plugin support and deals with 'Tier 2' support requests about how to use Barn2's plugins in advanced ways.

3 Comments

  1. Cassandra Maccue
    April 14, 2019 Reply

    Great tips, Thank you kindly. Do you have a video available for these tips?

    • Katie Keith
      April 15, 2019 Reply

      Hi Cassandra, we don't have a video for this tutorial yet and hope to add one in future. Thanks for the suggestion!

      • Cassandra Maccue
        April 20, 2019 Reply

        I look forward to it eagerly. Thank you once again.

Please share your thoughts...

Your email address will not be published.