DesignMe Creative Group

207.776.5416 • MAINE & ARIZONA

fb pintrest rssicon
  • Home
  • Services
    • Websites & Social Media
    • Marketing & E-Newsletters
    • Logos & Print
    • Training & Support
  • Portfolio
    • Website Design
    • Creative Design & Branding
    • Social Media & E-Marketing
  • The Team
  • Why DesignMe?
    • Our Philosophy
    • Affordable Prices
    • Getting Started
  • Blog
  • Payment
  • Contact

January 29, 2012 By Debbie 31 Comments

Password Protecting PDF Files in WordPress

At Flying change Webs & Graphics, we often work with organizations that offer information for staff or membership only. WordPress has some nice password protection functions that are easy to use. However, the problem comes when using PDF files that need to be password protected as well as unseen on search engines. Sure, you can password protect a page, which protects the link. But if someone has the direct link to the pdf file, there is nothing to “stop” this direct link from seeing the document.

Surprisingly, this is a function that is lacking in wordpress and I have yet to find a plugin that will protect actually protect the pdf from both direct links from non-members and search engine indexing.

The search engine indexing problem was taken care of by adding a robot.txt file that excluded the upload folder.

To protect the pdfs, I created an .htaccess file in the wp-content folder (ask your web host for access through the control panel) and placed this code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www.)?mywebsite.org/ [NC]
RewriteCond %{REQUEST_URI} !hotlink.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov) [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule .*.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov)$ http://mywebsite.org/ [NC]

Voila! Password protected and search engine safe!

(The description below also works, but takes more work. I prefer the method above).

The password protecting the pdfs were a little more difficult. Since I couldn’t find a wordpress plugin to do the trick, I think I have come up with a suitable workaround. It takes two easy steps:

  1. Using the Media File Manager plugin to create a members only directory in  my upload folder and used their basic instructions to move the client’s pdf files into the special folder.
  2. Logging into the host control panel, I could navigate to the special folder and password protect the entire folder – just like I would for a non-wordpress website.

Filed Under: TechTalk, WordPress

Comments

  1. Cheryl says

    June 22, 2012 at 10:55 pm

    Very helpful, but how do I find the url for the upload folder?

    Reply
    • Debbie says

      June 23, 2012 at 9:41 am

      The upload folder is a standard WP folder and can be found by going to your root installation folder of wp > wp-content > upload.

      Reply
  2. Ying-Fu Li says

    December 16, 2012 at 8:54 am

    Hi,

    What do you mean by ‘logging into the host control panel’? That is beyond the scope of WordPress?

    Reply
    • Debbie says

      April 1, 2013 at 6:33 am

      The control panel is the area provided by your web hosting company where you can access the files on the backend.

      Reply
  3. Jami Gold says

    April 1, 2013 at 3:28 am

    Thank you so much for this! The code worked perfectly.

    I just discovered an hour ago that the PDFs and .XLSs I *thought* were protected behind a password-protected page, in fact, weren’t protected at all. And search engine results were feeding people straight to my documents.

    I was close to a full-on panic when I found these instructions. Thank you, thank you, thank you!

    Reply
    • Debbie says

      April 1, 2013 at 6:34 am

      Glad it helped!

      Reply
    • jantien says

      November 19, 2013 at 4:57 am

      thanks a million Debby!
      it worked for me too, felt very relieved after the same panic occurred to me as with Jami.
      Is it still working for the current version of WP? (just to be sure)

      Reply
  4. Kieron says

    May 9, 2013 at 11:43 am

    Thanks, this was really helpful to me today.

    Reply
  5. Joel says

    August 10, 2014 at 2:09 pm

    Hi, Just wanted to ask, do I put the code for the .htaccess file as is or do I need to change anything in the code?
    Thanks for your help.

    Reply
    • Joel says

      August 10, 2014 at 2:26 pm

      Please disregard the last questions, I changed the url from the sample provided to my site. Note, I’m using a WordPress Multisite install with Subdomains. Also does it make a difference if I use www or no www for the site url?

      Thanks

      Reply
      • Debbie says

        August 10, 2014 at 4:44 pm

        If you use it as is the (www)? puts that question into play and should take care of it either way. How is it working for you on multisite? I’ve only used it with single sites.

        Reply
  6. Lee says

    August 15, 2014 at 9:47 am

    Looks like this would preclude having a pdf link in a public area of your site. We have some areas open to public view and some requiring membership to our homeowners association. If I read this correctly all pds, xls, etc would require login. I don’t see an easy solution to allow some pdfs to be public.

    Reply
    • Debbie says

      August 21, 2014 at 11:50 am

      You would only place the files you need protected into the special directory. Others that are public an be loaded into the media directory as usual.

      Reply
  7. BJ says

    December 27, 2014 at 11:33 pm

    Thanks a lot. Your suggestion helped me control access to the content folder on my wordpress site.

    Reply
    • Debbie says

      January 5, 2015 at 9:46 am

      I always love hearing that what is posted has helped!

      Reply
  8. Pavitra Motwani says

    July 26, 2015 at 4:36 pm

    Your solution is to protect all the assets in the Media Library. However, if we want some documents protected and some don’t (can be searchable by search engines) as well, then what is the solution.

    Please email me your reply. Thanks in advance

    Reply
    • Debbie says

      September 12, 2015 at 9:24 pm

      You can either upload your theme file using ftp or compress the theme folder (.zip) and upload it as a new theme right into wordpress. These options only load the theme files, not the uploads folder or database.

      Reply
    • Debbie says

      September 12, 2015 at 9:28 pm

      The second option (below the .htaccess solution) works. There is also a plugin called WP FileBase that is now available and works very well for this.

      Reply
  9. Martin Hansson says

    September 3, 2015 at 9:38 am

    Hi 🙂

    I can make this work, and have them shown only when logged in but hotlinking directly to the files fx writing http://mysite.dk/wp-content/uploads/2015/09/filename.pdf directly in the browser, then downloading starts. How can that be prevented?

    Martin

    Reply
    • Debbie says

      September 12, 2015 at 9:33 pm

      WP Filebase is a plugin I’ve discovered since writing that blog article – it works great. Give it a try: https://wordpress.org/plugins/wp-filebase/

      Reply
  10. Matt says

    October 14, 2015 at 4:26 am

    Excellent work around, I adjusted the code so it only applies to PDFs but it works a treat.

    Thanks!

    Reply
    • Debbie says

      October 15, 2015 at 7:35 am

      Always makes my day when something I post helps another!

      Reply
  11. Deborah says

    April 12, 2016 at 2:31 pm

    This is fantastic … works on a directory outside of WordPress, too. For instance, mysite.com/documents. Thanks so much.

    Reply
  12. Donna says

    December 16, 2016 at 4:54 pm

    Thanks so much!! I’m done panicking now too — and maybe my sales will pick up again since they can’t get the info for free!

    Reply
    • Debbie says

      December 19, 2016 at 12:02 pm

      Terrific!

      Reply
  13. Sharon says

    May 9, 2017 at 8:21 pm

    Hello Debbie, the files I want to protect are sellable on woocommerce. If it gets sold ..will it require the buyers to login to access

    Also a quick one, the snippet ‘ mywebsite.org/ [NC]’ in the code, do I need to add my website url? (im a newbie working up to design my website)

    Reply
    • Debbie says

      May 10, 2017 at 8:42 am

      Yes they would need to be logged in. Are you selling access (like membership) or a single document? There are other ways to handle this if you’re selling downloads and/or access. S2Member (pro) is a great membership/access program that allows for things like this as well. And … yes the url would be your own website address.

      Reply
  14. Sharon says

    May 10, 2017 at 8:59 am

    Thank You for responding Fast….im selling single files(pdf) with woocommerce. please which other ways do you know I can restrict access to my files from my wordpress library.

    Reply
    • Debbie says

      May 10, 2017 at 9:03 am

      I believe WooCommerce has some of those capabilities built in. https://docs.woocommerce.com/document/digital-downloadable-product-handling/

      Reply
  15. Crystal says

    February 13, 2018 at 3:41 pm

    Hi,

    I used your code at the top before reading that it would also pw protect images. I have deleted the .htaccess file that I created but it seems that the rewrite is still applied…. How do I undo this? What is the opposite of the code above?

    Reply
    • Debbie says

      February 14, 2018 at 7:19 am

      You may need to clear your cache. Also, you can use that code but change the 2 lines with
      (gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov) to include just (pdf).

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Site Search

Tech Talk

  • Enqueue CSS2 Google Fonts
  • Redirect to the BuddyPress Profile Page
  • “Going Live”
  • Insert Soliloquy Shortcode Using Advanced Custom Fields
  • Redirect My Website To https://

Creative Corner

  • Unique Websites Deserve a Unique Login
  • Adding A Shortcode To The Post Title
  • Favicons – A Tiny Graphic With Big Impact
  • Social Media Icons – So Many Options!
  • Savage Chicken iMugs

From Our Blog

  • The “ME” In Our Name Really Means YOU
  • Behind Your Website
  • I Have a Website – Now What?
  • Full Width (100%) Section On A Fixed Width Page
  • Small Can Mean Big When It Comes To Websites

View Topics

creative

Functional

affordable

Copyright © 2023 · Custom Website by DesignMe Creative Group · Log in

Hosted Locally by Maine Hosting Solutions