How to make Prevent Direct Access work on WP Engine

By default, our plugin (both Free and Gold version) doesn’t work on websites hosted on WP Engine who utilizes both Apache and Nginx web server.

However, with these simple tweaks now you can use Prevent Direct Access (PDA) Gold on WP Engine.

PDA Gold Redirect Rules

  1. Log in to your WP Engine User Portal
  2. Under your website “Installs”, click on “Redirect rules” then “New redirect rule”

  3. nter these codes into the popup fields as per our attached screenshot
    Domain: Choose your website domain
    You will need to create 2 redirect rules as described below.

    For PDA Gold version 3.0 and above

    Redirect name: Rules for original links
    Source: wp-content/uploads(/_pda/.*\.\w+)$
    Redirect type* 301 Permanent

    Redirect name: Rules for private links
    Source: private/([a-zA-Z0-9-_]+)$
    Redirect type* 301 Permanent

    * Please follow your WordPress Site Address (URL) set up. Does it come with or without www?

    Rules for original links
    Redirect Rules for Prevent Direct Access original links

    For WordPress Multisite Network

    If you’re a multisite network, you should use the following code for the Source * instead.


    The following private link rules applies for both single and multisite network.

    Redirect Rules for Prevent Direct Access private links

    For version 2.x.x

    Redirect name: Rules for original links:
    Source: wp-content/uploads/(.+)(\.)([A-Za-z0-9]+)$
    Destination: index.php?pre_dir_acc_61co625547=$1&is_direct_access=true&file_type=$3
    Redirect type* 301 Permanent

    Redirect name: Rules for private link:
    Source: private/([a-zA-Z0-9-_]+)(/auth-[a-zA-Z0-9-_]+){0,1}$
    Destination: index.php?pre_dir_acc_61co625547=$1&custom_181191=$2
    Redirect type* 301 Permanent

Folder Protection Redirect Rules

Please implement these redirect rules for our Folder Protection feature to work properly on WP Engine hosting. You will need our Access Restriction plugin for this to work properly.

Please note that:

  • If you change Prefix for Private URL (on our Settings page), you need to replace the word private accordingly
  • As WP Engine doesn’t support RewriteRule Flags, all your private and original links will appear “raw” anyway. However, if you implement these WP Engine redirect rules, you can use (and access) pretty as opposed to raw URLs. For example,
    • Raw (Ugly) URL:
    • Pretty URL:
  • As always, please make sure you’re using the latest version of our plugin.

Feel free to contact us for support if you face any problems or have any questions.

Protect files hosted on LargeFS

LargeFS (Large Files System) is a WP Engine’s product which allow you to store large amounts of media and integrate it into WordPress. In other words, it’s an Amazon S3 based file storage.

By default, our PDA Gold plugin doesn’t recognize the files hosted on LargeFS bucket. There’ll be a popup that says “Files does not exist” when you try to protect these media files.

To resolve this, you can exclude the /uploads/_pda folder from WP Engine’s LargeFS. This leaves protected files locally on the server and the PDA plugin works as usual.

Lasted updated on December 22, 2020