Home/ Questions/Q 813753
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T01:24:40+00:00

Hey. I need to prevent direct access to http://www.site.com/wp-content/uploads/folder/something.pdf through the browser. However the

  • 0

Hey. I need to prevent direct access to http://www.site.com/wp-content/uploads/folder/something.pdf through the browser.

However the Download Monitor plugin I am using, which allows logged in users to download the file, needs to be able to work.

Trying

Order Allow,Deny
Deny from all
http://www.site.com/wp-content/plugins/download-monitor/download.php”>
Allow from all

but the download links do not now work… even though (I think) they are links produced by the script e.g.

http://www.site.com/wp-content/plugins/download-monitor/download.php?id=something.pdf

Enter that in the address bar and you correctly get a WordPress message, ‘You must be logged in to download this file.’

However, if someone knows the URL where the file was uploaded

http://www.site.com/wp-content/uploads/folder/something.pdf

they can still access it directly.

I don’t know how (guesswork?) they would find the direct URL anyway, but the client wants it stopped!

Thanks for any help.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You cannot set Deny in .htaccess because your WordPress and a standard file request has the same server user – www-data/apache/http/or something.

    You can for example sat folder’s chmod to 700 and it will allow access for script but not for direct file call.

    And accept your recent questions.

    • 0