By default, our plugin (both Free and Gold version) doesn’t work on websites hosted on WP Engine that utilize both Apache and Nginx web servers.
However, with these simple tweaks now you can use Prevent Direct Access (PDA) Gold on WP Engine.
PDA Gold Redirect Rules
- Log in to your WP Engine User Portal
- Select the environment name in which PDA Gold is installed
- Select “Redirect Rules” and add “New redirect rule”
- You will need to create 2 redirect rules as below
Replace https://www.yourwebsite.com with your WordPress Site Address (URL) shown under Settings >> General from the admin dashboard.
For PDA Gold version 3.0 and above
Redirect name | Rules for original links |
Domain | Choose your website domain |
Source | wp-content/uploads(/_pda/.*\.\w+)$ |
Destination | https://www.yourwebsite.com/index.php?pda_v3_pf=$1 |
Redirect type* | 301 Permanent |
For WordPress Multisite Network
If you’re having a multisite network, you should use the following code for the Source* instead.
wp-content/uploads(?:/sites/[0-9]+)?(/_pda/.*\.\w+)$

The following private link rules apply for both single and multisite networks.
If you change the Prefix for Private URL, you need to replace the word private
in the Source* accordingly.
Redirect name | Rules for private links |
Domain | Choose your website domain |
Source | private/([a-zA-Z0-9-_]+)$ |
Destination | https://www.yourwebsite.com/index.php?pda_v3_pf=$1&pdav3_rexypo=ymerexy |
Redirect type* | 301 Permanent |

For PDA Gold version 2.x.x
Redirect name | Rules for original links |
Domain | Choose your website domain |
Source | wp-content/uploads/(.+)(\.)([A-Za-z0-9]+)$ |
Destination | index.php?pre_dir_acc_61co625547=$1&is_direct_access=true&file_type=$3 |
Redirect type* | 301 Permanent |
Redirect name | Rules for private links |
Domain | Choose your website domain |
Source | private/([a-zA-Z0-9-_]+)(/auth-[a-zA-Z0-9-_]+){0,1}$ |
Destination | index.php?pre_dir_acc_61co625547=$1&custom_181191=$2 |
Redirect type* | 301 Permanent |
Folder Protection Redirect Rules
Please implement these redirect rules for our Folder Protection feature to work properly on WP Engine hosting. You must have our Access Restriction extension installed for this to work properly.
Logic & Limitations
As WP Engine doesn’t support RewriteRule Flags, all your private and original links will appear as “raw” anyway. However, if you implement these WP Engine redirect rules, you can use (and access) pretty URLs instead of raw ones. For example:
- Raw (Ugly) URL: http://bwps.com/index.php?pda_v3_pf=/_pda/2018/09/ava-2.png
- Pretty URL: http://bwps.com/wp-content/uploads/_pda/2018/09/ava-2.png
As a rule of thumb, please make sure you’re using the latest version of our plugin.
Feel free to contact us for support if you face any problems or have any questions.
Protect files hosted on LargeFS
LargeFS (Large Files System) is a WP Engine’s product that allows you to store large amounts of media and integrate it into WordPress. In other words, it’s an Amazon S3 based file storage.
By default, our PDA Gold plugin doesn’t recognize the files hosted on LargeFS bucket. There’ll be a popup that says “File does not exist” when you try to protect these media files.
To resolve this, you can exclude the /uploads/_pda
folder from WP Engine’s LargeFS. This leaves protected files locally on the server and the PDA plugin will work as usual.
Logic & Limitations
Currently, protected images might be broken on WP Engine sites.
Temporary solution: Enable the “Keep raw URLs” option.