Protect WordPress Uploads is a simple and easy way to protect WordPress uploads.
Seamlessly integrated, you can easily protect your WordPress uploads by just one single click. Once protected, they cannot be accessed directly through their original, unprotected links (URLs). Unwanted users will be redirected.
- Unlimited protected WordPess Uploads.
- Files are not indexed in Google or any other search engine.
- Filter by private uploaded files in the Media Library.
- Works with Apache and NGINX.
- Easy upload, protect and unprotect your WordPress Uploads.
- ACF-filter available.
- Available in 7 languages and counting.
- Spanish (thanks to @yordansoares)
- Japanese (thanks to @nao)
From within WordPress
- Visit ‘Plugins > Add New’
- Search for ‘Protect WordPress Uploads’
- Activate ‘Protect WordPress Uploads’ from your Plugins page.
- Go to “after activation” below.
- Upload the ‘wp-private-media’ folder to the ‘/wp-content/plugins/’ directory
- Activate the ‘Protect WordPress Uploads’ plugin through the ‘Plugins’ menu in WordPress
- Go to “after activation” below.
- You should see the menu item ‘Protect WP Files’ in the admin menu.
- On the wp-admin/upload.php page, you should see an extra admin column called URL.
IMPORTANT STEP IF YOU USE NGINX
- If you use NGINX as WEBSERVER, add a rewrite to your NGINX config file. Look into the folder _rewrites for an example.
For more information on how to use the filters please go to the plugin explanation page
Plugin / Theme Support
If there are any questions please don’t hesitate to send them to email@example.com.
How can I control which role can upload protected files?
We added a capability ‘manage_pwpf_files’. You can assign this capability to any role in WordPress by using a roles & capabilities plugin.
If the file is protected is it possible to unprotect?
Yes, there is an option to unprotect files. The file will be moved to the public wp-uploads/ folder.
Can everyone download protected files?
No, only logged in users can download files.
Is there a role restriction who can and who cannot download?
Currently, all users with any role could download protected files.
Is the file encrypted?
No, not yet but we are working on that.
- Removed settings, introduction page for editors role.
- Removed renaming function for admin menu.
- Removed nginx message for non-administrators.
- Added capability for editor role
- Small bug fix in admin menu for other roles than administrator
- Added check and error message for WP sites with plain permalink structure
- Small text-domain changes
- Small picture / design changes
- Tested with WP 5.6.1
- Small fix, issue with WP Forms.
- Added documentation link.
- Updated some links to new website mauwen.com
- Update, settings page, linkback url added for protection message.
- Small warning fix in PWPF_url_by_slug() function, thanks to @mreisphotography.
- Fix for slug for backend grid view thumbs.
- Fix for slug for backend thumbs.
- Grid and List view thumbnails added.
- Settings page added to change the protection message.
- Changed the wp-admin upload icon to SVG.
- Fix for downloading large files PWPF_handle_private_download().
- Fix remove image sizes in the private folder after unprotect the file.
- Small fix on a translation, wrong text domain
- Changed site_url() to get_bloginfo(‘url’).
- Small code changes in pwpf-messages.php.
- Added media library filter to filter by protected uploads.
- Added support page.
- Some changes on the wizard page.
- Moved wizard template from function to admin-templates folder.
Added unprotect function.
Capability “manage_pwpf_files” moved to init.
Capability “manage_pwpf_files” added.
Small fix for the introduction page.
Updated the upload UX/UI design with upload progressbar.
Added upload-check for supported WordPress mimetypes.
Added introduction page.
Moved js/css to assets folders.
Added Dutch Translation.
Fixed small bug in ACF support filter.
ACF support with upload filter.
Small bug fix for filter – private_media_url_by_array.
It always returned the file url when using the filter without checking if the file is protected or not.
Small bug fix for remove _nginx message in admin.
First realease on May 17th, 2019