1. Home
  2. Support
  3. Applications
  4. Protecting WordPress uploads

Protecting WordPress uploads

If you run a private community or members only website using WordPress, by default anyone can download your attachments/uploads/files. This isn’t ideal especially if you only want to provide access to these files for your members and don’t want the overhead of a members/downloads plugin.

There is a simple fix with a simple script and a few lines within your .htaccess file. Please note: this will only work on our Linux hosting platform.

How to fix

    1. Download the dl-file.php from here


    1. Upload the file to your WordPress root. The same directory as your wp-config.php


  1. Create or edit a .htaccess file in your root directory and add the following:
    RewriteCond %{REQUEST_FILENAME} -s
    RewriteRule ^wp-content/uploads/(.*)$ dl-file.php?file=$1 [QSA,L]

That’s it, now only members/logged in users can download the websites attachments. As always, if you have any tips, comments or questions then please let us know below.

Classification: Public
Last modified: 2019/08/14 at 15:14 by Jamie