Under your WordPress admin dashboard, click on “Prevent Direct Access Gold” icon in the left sidebar to configure its settings.
(1) Auto-protect New File Uploads
Enable this option for our Gold version to automatically protect all your new file uploads. In case you want to protect file uploads by specific user roles, please select them from the list as below.
(2) Set File Access Permission
Allow you to choose who can access your protected files by default. User roles options include:
- Admin users (by default)
- The file’s author
- Logged-in users
- No one (means no person is allowed to access your private files)
- Anyone (means our plugin only blocks search indexing)
- Custom Roles
When you “choose custom roles”, a new “Grant access to these user roles only” option will appear, which allows you to select multiple user roles such as authors, subscribers, and contributors. Only these user roles will be able to access your private files.
(3) Customize “No Access” Page
Allow you to select which page, post or even a custom link to display when users have no access to your protected files or when they click on expired private download links. In other words, unauthorized users will be redirected to this “No Access” page.
The default “No Access” page is your website’s 404 error page.
(4) Search & Replace
This option should be enabled when you are to protect files already embedded in content.
As soon as you enable this option, “Apply to these pages or posts only” will be shown allowing you to choose which pages or posts you want to replace unprotected file URLs in content.
PRIVATE DOWNLOAD LINKS
(1) Change Download Link Prefix
Allow you to change “private” prefix of your private download links. By default, your download links look something like http://bwps.us/private/your-custom-filename. If you change “private” into “membership”, all your download links will become http://bwps.us/membership/your-custom-filename.
Please note that a valid prefix contain lowercase English letters (a-z), numbers (0-9), dash (-) and underscore (_) only.
(2) Generate Download Link Once Protected
If this option is enabled, when a file is protected, our plugin will automatically create a new private download link for it. This applies to new file uploads only. Our Gold version won’t auto-generate a new download link for existing protected files.
(3) Force Download
Users will be forced to download a media file when they click its download links if this option is enabled.
OTHER SECURITY OPTIONS
(1) Prevent Hotlinking
Prevent other people from stealing and using your images or files without permission. What it means is that other people cannot just take and embed your file URLs on their own websites anymore. The images won’t be displayed while other documents won’t be accessible.
(2) Disable Directory Listing
Turn on this option if you do not want others to browse and view all of WordPress folders and subdirectories.
(3) Hide WordPress version
Help you prevent attacks from exploiting known vulnerabilities on an old version of WordPress. It is not necessary to enable this option if you always keep your WordPress installation up-to-date.
(4) Block Access to Sensitive Files
Give you a choice in hiding all your sensitive information, such as readme.html, license.txt, and wp-config-sample.php.
(1) File Protection Control
Enable you to select user roles who can protect or unprotect your private files. Users without permission will still be able to see the file protection status, but there is no way to change it. By default, administrators, editors, and authors are allowed to protect or unprotect your WordPress files.
- According to WordPress roles and capabilities, Authors are only allowed to publish and manage their own posts by default, and so, protect or unprotect their own files
- This File Protection Control (FPC) doesn’t interfere with the auto-protection of new media files feature. For example, if you set all file uploads by editors to be auto-protected as well as remove editors from this FPC, any files uploaded by editors will still be auto-protected.
(2) Enable Debug Logs
Turn on this option when you get into trouble with our plugin and want us to debug and troubleshoot the issues for you. No personal and sensitive data is tracked. Refer to What happens when enabling Debug Logs?
(3) Keep Raw URLs
Consider using our Raw URLs with these limitations when you’re using WordPress.com or Nginx-based hostings that don’t support rewrite rules modifications.
For Nginx servers that also support .htaccess rewrite rules such as Flywheel and Cloudways, our Raw URLs and file protection will work as expected without any limitations.
Once enabled, your download links, for example, will become something like
http://pda.com/private/5bb4413c476b8 as normal.
(4) Remove Data Upon Uninstall
By default, we will remove all our plugin’s database tables upon deletion of our plugin. If this option is enabled, your license and ALL related data will also be removed from the database upon uninstall. Your license may NOT be used on this website again or elsewhere anymore.
Remember to click “Save changes” to update your settings preferences.
For version 2.0 and below
First, “Enable remote log” allows us to help you track and debug the plugin in case of errors.
Second, “Disable protected files for all logged-in users?” allows all logged-in users including admins and subscribers to see your protected files. What’s more, you can even allow specific roles to see those files by including them in the dropdown below (2).
Next, you can change the prefix of your private URLs on “URL prefix word” field.
Last, you can also automatically protect all future uploaded files by clicking on the checkbox below.