Restricts access to WP Media uploads to logged in users only.

Documents (txt, rtf, pages, pdf, docx, xlsx, pptx) are served as attachments.

If the user logs out the access to the file will be denied and the user will be redirected to the login page.


This plugin adds a better protection than the approach mentioned in How to Restrict Access to WordPress Uploads Folder to Logged-in Users only post

Video tutorial:


Step #1: Download the php file plugin from the github link below and save it in wp-content/mu-plugins/ folder. Create the folder if necessary. This is a system plugin and doesn't need activation.

Step #2: Add the following rules to the .htaccess file

# Protect all files within the uploads folder
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^(.*?/?)wp-content/uploads/.* [NC]
RewriteCond %{REQUEST_URI} !orbisius_media_protector [NC]
RewriteRule . %1/?orbisius_media_protector=%{REQUEST_URI} [L,QSA]

Step #3: Test
Try accessing any file that resides in the uploads folder. Do the tests when you're logged in and logged out as well.


Bugs or ideas?

f you have found bugs or have ideas submit them using the link below

Referral Note: When you purchase through an referral link (if any) on this page, we may earn a commission.