This recipe will show you how to lock down files in your WordPress media library using Paid Memberships Pro.
If you wish to lock down files and directories outside of WordPress, you can view the tutorial here.
This feature is not enable by default because it is not compatible with all site/server setups. To protect files, you will need:
- The ability to add rewrite rules by editing the .htaccess file.
- The ability to edit the WordPress wp-config.php file.
- Enough memory on your server to serve files through a PHP script.
- To make sure your uploads folder is not served by a CDN (e.g. with WP-Engine and some other hosts)
For #3, the amount of memory available to your site will limit how large of a file you can serve protected. For example, after enabling file protection, you may be able to serve a 1MB image, but not a 50MB Power Point document. You will have to test files of the size you intend to share to make sure you can use this feature.
Anyway, here is what you need to do.
Add this line to your wp-config.php file.
Then add this code to your .htaccess file, above the # BEGIN WordPress line.
RewriteBase / RewriteRule ^wp-content/uploads/(.*)$ /wp-content/plugins/paid-memberships-pro/services/getfile.php [L]
Make sure there is no line wrapping on that last line. And you may need to tweak that a bit if you have WordPress installed in a subdirectory or the paths on your setup are different.
You can use the following script to lock down only pdf, doc, docx, ppt, and zip files. This will avoid running the getfile script on images and other static files that might be in your uploads folder, which can slow sites down. Change the extensions there to whatever the extensions are of the files you are trying to protect.
RewriteBase / RewriteRule ^wp-content/uploads/(.*\.pdf|\.doc|\.docx|\.ppt|\.zip)$ /wp-content/plugins/paid-memberships-pro/services/getfile.php [L]
Once you’ve updated that, simply upload a file, image, video, etc, to a page or post that requires membership to access and the attached file will require the same membership level(s) to view.
What’s happening here is any link to a file in /wp-content/uploads/…/ will be routed through the getfile.php script. That script figures out the post the file is attached to and then checks if the logged in user has access to that post. If so, the file is served through the script. If not, a 503 error is shown.
Let me know how this works for you. If you have any issues, post something to the forums here. We will try to help you through an issues you are having. Note that this kind of functionality is highly reliant on your server setup and you may need to hire a developer or pay extra to have someone set this up fully.