Prevent Direct Access Lite Version

Prevent Direct Access plugin provides a simple solution to prevent Google and other search engines from indexing and unwanted users from accessing your files without permission.

Protect WordPress Media Library File Uploads

Prevent Direct Access (PDA) is designed to protect your media files such as images (PNG, JPEG), documents (PDF, DOCX, PPTX), audios, and videos (MP4, MP3) that you upload to your website, via either Media library or Pages/ Posts.

Once protected, only the files’ author can access them directly. Unauthorized users will be redirected to a No Access page when attempting to view and download these files.

Since PDA Lite version 2.7.7, we allow you to protect unlimited files under your Media Library. Check out our Gold version which offer file protection on the fly and many other advanced features.


  1. Under your WordPress admin dashboard, click Add New under Plugins
  2. Search “Prevent Direct Access” in the repository
  3. Click Install Now
  4. Once you’ve installed our plugin, click Activate

Web Server Support

Since version 2.7.4, Prevent Direct Access supports Nginx, IIS and Apache servers.

While our rewrite rules are inserted automatically for Apache servers, you have to implement these rules manually for Nginx and IIS servers.

NGINX Support

Follow the steps below to make our file protection work properly on your NGINX-server site.

  1. Copy the rewrite rules shown on Prevent Direct Access settings page
  2. Find your website’s Nginx config file which is often located at /etc/nginx/site-available or /etc/nginx/conf/site-available (if you’re using Arch Linux)
  3. Paste the copied rules in the server block
server {
	location / {
	#Put our rewrite rules here, i.e.
	rewrite wp-content/uploads/_pda(\/[[email protected]\/&+-]+)+\.([[email protected]\/&+-]+)$ "/index.php?pda_v3_pf=$1&is_direct_access=true&file_type=$2" last;
	rewrite private/([a-zA-Z0-9-_.]+)$ "/index.php?pda_v3_pf=$1" last;

Restart your Nginx server. Our Prevent Direct Access should be now working on your website.

IIS Support

In order for our Prevent Direct Access Lite to work properly on your IIS web server, please put the following additional codes on your web.config file located at your WordPress website’s root folder.

If the web.config file does not exist, simply create a new one.

<?xml version="1.0"?>
        <!-- START - Prevent Direct Access Lite rules - START -->
        <rule name="Imported Rule 1" stopProcessing="true">
          <match url="private/([a-zA-Z0-9]+)$" ignoreCase="false"/>
          <action type="Rewrite" url="index.php?pda_v3_pf={R:1}" appendQueryString="false"/>
        <rule name="Imported Rule 2" stopProcessing="true">
          <match url="wp-content/uploads/_pda(\/[[email protected]\/&amp;+-]+)+\.([[email protected]\/&amp;+-]+)$" ignoreCase="false"/>
          <action type="Rewrite" url="index.php?pda_v3_pf={R:1}&amp;is_direct_access=true&amp;file_type={R:2}" appendQueryString="true"/>
        <!-- END - Prevent Direct Access Lite rules - END -->
        <rule name="wordpress" patternSyntax="Wildcard">
          <match url="*"/>
          <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true"/>
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true"/>
          <action type="Rewrite" url="index.php"/>
    <compilation debug="true"/>

Plugin Walkthrough

Here’s how to activate and use our Prevent Direct Access (PDA) Free version.

First of all, go to Media to protect your files. You can choose to protect files either in List View or Grid View.

Media Library Grid View

  1. Click on a file that you want to protect, and then tick Protect this file checkbox
  2. After being protected, the file will be highlighted with a red border
  3. Simply untick Protect this file checkbox if you want to unprotect the file.

Please note that if you get stuck with “Protecting…” status, it might be because the file that you want to protect does not exist or there is a conflict with other plugins.

You can switch to Media List View to see the error message.

Media Library List View

  1. Choose List View option under Media Library

  2. A new column named Prevent Direct Access will be created by our plugin. To protect a specific media file, simply click on Configure file protection and click on Protect this file

  3. Once a file is protected, the plugin will automatically generate a private URL containing random strings for users to access the private file directly. You can copy the private URL to clipboard and paste it on their browsers or email by clicking on the Copy to clipboard button.
  4. If you want to unprotect the file, simply click on Unprotect this file

You can refer to our FAQ for more information.

Lite version Logic & Limitations

  • The default File Access Permission (FAP) of all protected files is set to its author
    • Even admin users who are not the file’s author cannot access the file directly
    • To grant admin users access to files whose FAP is “The file’s author”, simply add the following code snippet to your (child) theme functions.php file or plugins like Code Snippets.
         function ( $is_allowed ) {
            $current_user = wp_get_current_user();
            if ( empty( $current_user ) ) {
               return $is_allowed;
            if ( is_super_admin( $current_user->ID ) ) {
               return true;
            $user_login = $current_user->roles;
            foreach ( $user_login as $role ) {
               if ( 'administrator' === $role ) {
                  return true;
            return $is_allowed;
  • You cannot auto-generate or customize new Private Download Link with our PDA Lite
    • You can’t set or edit its Download Limit and Expiry either. As a result, anyone can access the Private Download Links without any restriction.

Refer to the complete features comparison between our PDA Gold vs Lite version.

Lasted updated on January 14, 2022