I have a wordpress site that I would like to secure specific files in the uploads directory, so that they can only be accessed by logged in users. The files either have the word “oneperson” or “twopeople” in the filename, and are of the format “zip” or “pdf”.
How do I do this?
This is not quite trivial, because natively WP is engineered to completely ignore requests to existing files. So WP doesn’t pay attention to files and
.htaccess
doesn’t have access to WP’s logged in information.If you look for prior art (in plugins for selling digital files for example) this isn’t easily (at all?) doable with direct links. Typically special download links are created and processed by plugins to serve files while masking it’s true name/location (which should be restricted from direct access or not in web accessible folder at all).