Out of the box, Paid Memberships Pro will give you many options to lock down your WordPress posts and pages. You made need to restrict access to protected files as well. This recipe will show you how to lock down files in your WordPress media library using Paid Memberships Pro.
Understanding File Protection
Protecting files in your WordPress site requires a few additional restriction steps at the server level. We don’t enable file protection by default in core PMPro because of these server considerations. In order to protect files, you will need:
- The ability to add rewrite rules by editing the
- The ability to edit the WordPress
- Enough memory on your server to serve files through a PHP script.
- To make sure your uploads folder is not served by a CDN (e.g. with WP Engine and some other hosts)
With respect to item 3 above, the amount of memory available to your site will limit how large of a file you can serve protected. For example, after enabling file protection, you may be able to serve a 1MB image, but not a 50MB PowerPoint document. We recommend testing a few files that are the size you intend to share to make sure your server has enough memory to support file protection.
Note that this method is only applicable to files uploaded through the “Media” library in your WordPress site. If you wish to lock down files and directories outside of WordPress, you can view the tutorial here.
How to Lock Files for Members Only
- Add this line to your wp-config.php file.
- Add this code to your
.htaccessfile, above the # BEGIN WordPress line.
RewriteBase / RewriteRule ^wp-content/uploads/(.*)$ /wp-content/plugins/paid-memberships-pro/services/getfile.php [L]
Make sure there are no line breaks/text wrap after adding this rule to your
.htaccessfile. This rule may need to be adjusted for sites that have WordPress installed in a subdirectory or if the paths on your setup are different.
- Alternately, you can adjust the
.htaccessrule to lock specific file types only. The following rule will lock down only
This adjustment avoids running images and other static files that might be in your
uploadsfolder through the
getfile.phpscript, which can slow sites down. You can change the protected file extensions to the specific file types you need to protect.
RewriteBase / RewriteRule ^wp-content/uploads/(.*\.pdf|\.doc|\.docx|\.ppt|\.zip)$ /wp-content/plugins/paid-memberships-pro/services/getfile.php [L]
- Once you’ve completed these steps, test the protection by uploading a file to a page or post that requires membership to access. The attached file will require the same membership level(s) to view.
How this Method of File Protection Works
What’s happening here is that any link to a file in
/wp-content/uploads/.../ will be routed through the
getfile.php script before it loads in the browser. That script figures out the post the file is attached to, then checks if the logged-in user has access to that post. If so, the file is served through the script. If not, a 503 error is shown.
Let me know how this works for you. If you have any issues, post something to the forums here. We will try to help you through any issues you are having.
Note that this kind of functionality is highly reliant on your server setup and you may need to hire a developer or pay extra to have someone set this up fully.