Under your WordPress admin dashboard, click on “Prevent Direct Access Gold” menu in the left sidebar to configure its settings.



(1) Auto-protect New File Uploads

Enable this option for our Gold version to automatically protect all your new file uploads.

In case you want to protect certain file types or file uploads by specific user roles only, simply select them from the dropdown lists as below.

(2) Set File Access Permission

Allow you to choose who can access your protected files by default. User roles options include:

  • Admin users (by default)
  • The file’s author
  • Logged-in users
  • No one (means no person is allowed to access your private files)
  • Anyone (means our plugin only blocks search indexing)
  • Custom Roles

When you “choose custom roles”, a new “Grant access to these user roles only” option will appear, which allows you to select multiple user roles such as authors, subscribers, and contributors. Only these user roles will be able to access your private files.

Since Prevent Direct Access Gold version, all protected files are accessible to its author by default, regardless of how the file access permission is set.

(3) Customize “No Access” Page

Allow you to select which page, post or even a custom link to display when users have no access to your protected files or when they click on expired private download links. In other words, unauthorized users will be redirected to this “No Access” page.

The default “No Access” page is your website’s 404 error page.

(4) Search & Replace

This option should be enabled when you are to protect files already embedded in content.

As soon as you enable this option, “Apply to these pages or posts only” will be shown allowing you to choose which pages or posts you want to replace unprotected file URLs in content.

(1) Change Download Link Prefix

Allow you to change “private” prefix of your private download links. By default, your download links look something like If you change “private” into “membership”, all your download links will become

Please note that a valid prefix contains lowercase English letters (a-z), numbers (0-9), dash (-) and underscore (_) only.

If you enable this option, when a file is protected, our plugin will automatically create a new private download link for it. This applies to new file uploads only. Our Gold version won’t auto-generate new download links for existing protected files.

(3) Force Download

Force users to download a media file when they click its download links by enabling this option.


(1) Disable Right Click

Turn on this option to disable text selection and right-clicks on all your web pages. It makes it harder for visitors to copy your content, thus preventing content thief.

(2) Hide WordPress version

Prevent attacks that exploits known vulnerabilities on old versions of WordPress. It’s recommended to always keep your WordPress installation up-to-date.

(3) Prevent Hotlinking

Prevent other people from stealing and using your images or files without permission. It means other people cannot copy and embed your file URLs in their own websites anymore. The images won’t be displayed. Other documents won’t be accessible either.

(4) Disable Directory Listing

Turn on this option if you don’t want others to browse and view all of WordPress folders and subdirectories.

(5) Block Access to Sensitive Files

Hide all your sensitive files about your WordPress installs such as readme.html, license.txt, and wp-config-sample.php.

(6) Grant Web Crawlers Access

Enable this option to grant specific search engines and social network bots to access the protected files.

As a result, when you share a protected file URL on social media sites, the file preview will still display. So everyone can see but they won’t be able to access the file directly.


(1) File Protection Control

Enable you to select user roles who can protect or unprotect your private files. Users without permission will still be able to see the file protection status, but there is no way to change it. By default, administrators, editors, and authors are allowed to protect or unprotect your WordPress files.

  • According to WordPress roles and capabilities, Authors are only allowed to publish and manage their own posts by default, and so, protect or unprotect their own files
  • This File Protection Control (FPC) doesn’t interfere with the auto-protection of new media files feature. For example, if you set all file uploads by editors to be auto-protected as well as remove editors from this FPC, any files uploaded by editors will still be auto-protected.

(2) Enable Debug Logs

Turn on this option when you get into trouble with our plugin and want us to debug and troubleshoot the issues for you. No personal and sensitive data is tracked. Refer to What happens when enabling Debug Logs?

Consider using our Raw URLs with these limitations when you’re using or Nginx-based hostings that don’t support rewrite rules modifications.

For Nginx servers that also support .htaccess rewrite rules such as Flywheel and Cloudways, our Raw URLs and file protection will work as expected without any limitations.

Once enabled, your download links, for example, will become something like,
instead of as normal.

Similarly, the protected links are changed as well:

  • Default URL:
  • Raw URL:

(4) Download Large-size Files

Enable this option to avoid timeout issues when downloading large-size files. This option will be integrated into our cores (turned on by default) in the upcoming versions.

(5) Remove Data Upon Uninstall

By default, we will remove all our plugin’s database tables upon deletion of our plugin. If this option is enabled, your license and ALL related data will also be removed from the database upon uninstall. Your license may NOT be used on this website again or elsewhere anymore.

Remember to click “Save changes” to update your settings preferences.

Lasted updated on October 6, 2022