Our Prevent Direct Access (PDA) Gold plugin provides an easy way to protect your private files. You can protect individual files, or multiple files at the same time with WordPress Bulk Actions. Now you can even protect an entire folder, i.e. all files in that folder, with the PDA Access Restriction extension.
Requirements:
- PDA Access Restriction version 1.0.4 or greater
- Prevent Direct Access Gold version 3.0.25.4 or greater
In this article, we’ll show you how to restrict access to whole WordPress folders to specific users only, on popular hosting servers.
Apache – Single Site
Once you have installed and activated PDA Access Restriction, navigate to the PDA Gold settings page in the left sidebar.
After that, switch to the “Folder Protection” tab.
Simply protect your private folders with just 2 steps:
Step 1: Select folders which you want to protect
- Our plugin protects main folders under WordPress root or uploads directory only.
- Only folders whose names contain only lowercase letters (a-z), numbers (0-9), dashes (-) and underscores (_) are accepted and displayed under the Select field. If your folders aren’t listed here, please make sure their names follow this rule.
Step 2: Set access permission
- This permission is applied to all protected files and sub-folders under the selected folders.
- The default option is “Admin users”, which means that only Administrators can see and access these protected files.
Unlike the file protection of PDA Gold, where we move all your protected files into the _pda directory, this folder protection method keeps all your file URLs as they are.
We also display the default WordPress media folders such as 2018 and 2019. If you choose those folders, it may cause UI conflicts with PDA Gold's default file protection in the Media library.
Multisite
Main site
After configuring and saving the feature options successfully, please go back to the Settings tab to get the rewrite rules and copy them to your .htaccess file as per our instructions.
Subsites
For our feature to work properly on subsites, you will need to copy the following rules and put them below those of the main site.
    # AR Rewrite Rules for Folder Protection
    # Main site
    RewriteRule ^(?:[_0-9a-zA-Z-]+/)?((your-folder-name-1|your-folder-name-2)/.*\.\w+)$ index.php?pda_v3_pf=$1 [QSA,L]
    # Subsites
    RewriteRule ^wp-content/uploads(?:/sites/[0-9]+)?(/(your-folder-name-1|your-folder-name-2)/.*\.\w+)$ index.php?pda_v3_pf=$1 [QSA,L]
    # AR Block Rewrite Rules for Folder Protection End
Please note that the root folder permission is set on the main site. It doesn’t follow subsites’ permission even if you select them under each subsite.
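An offline check for the .htaccess rules above, as an added example that is not part of the plugin or its documentation: it builds the two patterns for a folder list and reports files that sit inside a selected folder but match neither rule (for instance files without an extension, which the trailing `\.\w+$` requires). The folder names and request paths are constructed, Python's `re` stands in for Apache's regex engine, and the leading slash is stripped on the assumption that the rules live in a per-directory .htaccess file.

```python
import re

# Naming rule stated on the page: lowercase letters, digits, dash, underscore.
FOLDER_NAME = re.compile(r"[a-z0-9_-]+")

def build_rules(folders):
    """Compile the main-site and subsite patterns for the given folders."""
    bad = [f for f in folders if not FOLDER_NAME.fullmatch(f)]
    if bad:
        raise ValueError(f"names outside the plugin's naming rule: {bad}")
    alt = "|".join(folders)
    main = rf"^(?:[_0-9a-zA-Z-]+/)?(({alt})/.*\.\w+)$"
    subs = rf"^wp-content/uploads(?:/sites/[0-9]+)?(/({alt})/.*\.\w+)$"
    # re.ASCII keeps \w to [A-Za-z0-9_], as in PCRE without Unicode mode.
    return [re.compile(p, re.ASCII) for p in (main, subs)]

def protected_target(path, rules):
    """Return the value a matching rule passes as pda_v3_pf, else None."""
    path = path.lstrip("/")  # assumed .htaccess context: no leading slash
    for rule in rules:
        m = rule.match(path)
        if m:
            return m.group(1)
    return None

def unprotected_in_folder(paths, folders):
    """Paths that sit inside a selected folder but match neither rule."""
    rules = build_rules(folders)
    return [p for p in paths
            if set(p.strip("/").split("/")[:-1]) & set(folders)
            and protected_target(p, rules) is None]

# Constructed sample data: hypothetical folder names and request paths.
FOLDERS = ["private-docs", "member_files"]
SAMPLE_PATHS = [
    "/private-docs/report.pdf",
    "/site2/private-docs/2019/q1.xlsx",
    "/wp-content/uploads/sites/3/private-docs/a.png",
    "/private-docs/README",                 # no extension
    "/wp-content/uploads/public/logo.png",  # folder not selected
]

if __name__ == "__main__":
    rules = build_rules(FOLDERS)
    for p in SAMPLE_PATHS:
        print(f"{p:50} -> {protected_target(p, rules)}")
    print("not covered:", unprotected_in_folder(SAMPLE_PATHS, FOLDERS))
```

Files it reports never reach index.php through these rules, so give them an extension or move them out of the folder before relying on folder protection.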
Rewrite Rules for WP Engine
For our feature to work on WP Engine and Nginx servers, you have to implement these rewrite rules as follows.
Redirect name: Rules for folder protection
Source:
- For folders under Uploads Directory:
^wp-content/uploads(/(your-folder-name-1|your-folder-name-2)/.*\.\w+)$
- For folders under Root Directory:
^(/(your-folder-name-1|your-folder-name-2)/.*\.\w+)$
Destination: https://www.yourwebsite.com/index.php?pda_v3_pf=$1&pdav3_rexypo=ymerexy
Redirect type* 301 Permanent
* “your-folder-name-1” and “your-folder-name-2” are folders you want to protect. Use | to separate each folder name.
Rewrite Rules for NGINX servers
Please follow the 3 simple steps below to update the folder protection rules on your Nginx server:
Step 1: Copy the rewrite rules shown under Folder Protection tab
Step 2: Find and open your website’s Nginx config file, which is normally located at /etc/nginx/site-available (or /etc/nginx/conf/site-available if you’re using Arch Linux)
Step 3: Put it inside the server block
    server {
        location / {
            ...
        }
        # Put our rewrite rules here, i.e.
        rewrite ((prevent-direct-access)/.*\.\w+)$ "/index.php?pda_v3_pf=$1" last;
        rewrite wp-content/uploads(/(protect\s+page\s+and\s+post)/.*\.\w+)$ "/index.php?pda_v3_pf=$1" last;
    }
After that, restart your Nginx server. The Folder Protection feature should now be working properly on your website.