If you’re running an online business selling courses or information products, you’ll want to build some private areas where only your customers or subscribers can access premium content and digital product files. Password and membership protection prove useful in these cases.
However, there is a serious loophole in these protection methods that often result in your digital product files being leaked out.
In this article, we’re going to show you two easy ways to protect both your WordPress content and digital products without any technical knowledge.
Why you should protect WordPress media files
Did you know that even though your website content is protected with a password or membership plugin, the media attachments embedded in those pages are still accessible to anyone who has direct links to those files?
That's because password and membership plugins don’t protect your file uploads - they're designed to protect content instead, such as pages, posts or products. As a consequence, if someone shares these file URLs on other forums and social platforms, others will be able to access them without having to purchase membership or log into your website.
Even worse, Google and other search engines could potentially index these private documents, videos, and images. So people can just find and access them directly through some simple search with the right keywords.
If you're selling courses or digital products then this puts you at risk of losing all your efforts, digital product files, and a lot of money...
2 ways to protect WordPress media attachments
We've discovered two plugins that make it easy to protect your WordPress media files. You can use either of them with plugins such as Password Protected Categories and WooCommerce Protected Categories which let you restrict access to your WordPress pages, posts and custom post types to specific users or roles. They add an extra layer of security by restricting access to the media files which are linked to from your protected pages/posts/products/etc.
The two plugins are:
- Download Monitor (DLM) - This plugin adds an additional layer of protection for your digital files. Either upload new files to WordPress and protect them one-by-one, or choose which existing files to protect.
- Prevent Direct Access (PDA) Gold - Similarly, this plugin provides many different ways to protect your WordPress media files. You can protect new file uploads automatically or on the fly under the WordPress media library. Alternatively, you can protect some specific files when editing a page or post. Instead of protecting each file individually, you can select and protect multiple files simultaneously using WordPress bulk actions under Media list view.
Plugin 1: Download Monitor
Download Monitor (DLM) makes it easy to protect your WordPress media library files. To illustrate how it works, let's imagine that you've used the following plugins to create a private WordPress document library:
- Document Library Pro for adding documents and displaying them in a searchable document library.
- Password Protected Categories for restricting access to each document category to specific users or roles.
That's a great solution, but doesn't actually protect the underlying WordPress media files - i.e. the documents that are linked to from the library. It's unlikely that unauthorised people will find them because they're only linked to from the private document library pages. However, if one user publicly shares the link to a document then they could potentially share it more widely.
If you're concerned about this then the solution is to add the Download Monitor plugin to the mix.
Securing digital files
With Download Monitor installed, let's look at how to secure our digital files. While we're using Document Library Pro and Password Protected Categories as an example, you can also use it alongside other membership plugins which restrict access to WordPress content.
For example, we've added a document using Document Manager Pro. From the 'Edit Document' screen in the WordPress admin, we've chosen to add a file upload as below:
Adding a file for download, and you'll see the media library modal with a new addition:
Clicking on the Protect button protects the file. Then we can publish our new document. Our digital file is now protected, thanks to DLM.
More features of DLM
Download Monitor (DLM) also offers hotlink protection. For example, if you have a member who wants to make a name for themselves by sharing a link to your digital files, then hotlink protection will check the referrer. The plugin will redirect the user to your homepage unless the download request has come from your site.
Hotlink protection is available in the free version of Download Monitor and is an invaluable deterrent for those looking to benefit by stealing and sharing your work.
An additional bonus of DLM is the reporting feature. You can enable/disable reports in the back end of your website; see below for an example report:
The reporting feature gives you an overview of downloads, filterable by date. Another helpful feature is user reporting:
DLM offers an extension that gives even more insight into reports called Enhanced Metrics. This extension provides even more information, such as failed/completed downloads, active users and downloads, and more.
As you can see, it builds on plugins like Document Library Pro and Password Protected Categories to give you extra protection. As an added bonus, you get built-in reporting on who is accessing your downloadable files.
Plugin 2: Prevent Direct Access
Prevent Direct Access (PDA) Gold is an alternative plugin for restricting access to your WordPress Media Library files. Like Download Monitor, it works with WordPress protection plugins like Password Protected Categories and WooCommerce Protected Categories. Simply use it to restrict access to your media files using the same type of protection that you're using for your pages, posts, and other content.
File Access PermissionFile Access Permission (FAP) allows you to select certain user roles who can access your private protected files directly. There is global FAP which applies the permissions to all files by default. What’s more, you can set individual FAP with Access Restriction extension. In other words, you can make different files accessible to different user roles.
While most of the options are self-explanatory, you may wonder when to use the "Anyone" and "No one" options:
- Anyone option allows everyone to access your private files while stopping Google or other search engines from indexing them. This comes in useful when you want those files to be directly accessed through your website links and not through search results.
- No one option literally stops everyone from accessing your protected files directly through their file URLs. In return, PDA Gold plugin gives you the power to create as many private download links as needed. This helps you share your protected files with some specific groups of users. And at the same time, you can track and restrict its usage by time or click.
How to protect both WordPress content and file attachments
The most bulletproof way to secure your WordPress content is to protect both your content and media attachments altogether.
Password Protected Categories - and it's e-commerce version WooCommerce Protected Categories - is one of the best WordPress password protection plugins. Both plugins allow you to protect an entire category including its sub-categories and all posts/products under that category, with a single password. You can also restrict entire categories so that only specific logged-in users or roles can access them.
Now, let’s learn how to integrate Prevent Direct Access Gold with Password Protected Categories and WooCommerce Protected Categories. It's the perfect combination to protect both WordPress categories and media file attachments on these posts/products.
Using Prevent Direct Access with Protected Categories
Follow these simple steps to protect any type of WordPress category. This could be a post category, page category, WooCommerce product category, or a category/custom taxonomy for any other custom post type.
You can protect as many categories as you’d like to while leaving the rest accessible to the public:
- Go to the 'Add/Edit Category' page.
- Add a new category or edit an existing one.
- Under the ‘Visibility’ section above the ‘Add New Category’ button, select ‘Protected’.
- Set a password and/or select user roles or specific users who can access the post/product.
- In the WordPress Media Library List view, protect your attachment file and then click on ‘Configure File Protection’.
- Select the ‘File Access Permission’ tab and choose the same user roles as per step 4.
Where to get the plugins
Password Protected Categories and WooCommerce Protected Categories are the top WordPress security plugins. They work seamlessly with both Download Monitor and Prevent Direct Access Gold. It's the perfect way to protect both your content and WordPress private files to specific user roles.
Now, you can not only protect your private attachment files against Google and unwanted users. Simply by logging into their user account, your visitors can unlock both your attachments and protected media library files, as well as content.
Do you have any questions on how to password protect your website content and attachment files in WordPress? Please let us know in the comments section below.