I need to protect all my PDF files.
For that, I add the following lines to .htaccess to prevent directory browsing:
Options All -Indexes
Then, I created another .htaccess file inside wp-content folder and add this lines:
Order deny,allow
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js|svg)$">
Allow from all
</Files>
Now I can’t access PDF files directly. But I need a way to allow user click in links and download the files.
UPDATE
I tried with this snippet, but it caused error 500 in website:
<FilesMatch ".(?i:doc|odf|pdf|rtf|txt)$">
Header set Content-Disposition attachment
</FilesMatch>
Error 500 solved by enabling Apache header module.
But now when I click in the link, the page return error 403 because my second snippet. Is there a way to avoid direct link and allow download?
