Under your WordPress admin, click on “Prevent Direct Access Gold” in the right sidebar to configure its settings.



(1) Auto-protect New File Uploads

Enable this option for our Gold version to automatically protect all your new file uploads. In case you want to protect file uploads by specific user roles, please select them from the list as below.

(2) Set File Access Permission

Allow you to choose who can access your protected files by default. User roles options include:

  • Admin users (by default)
  • The file’s author
  • Logged-in users
  • No one (means no person is allowed to access your private files)
  • Anyone (means our plugin only blocks search indexing)
  • Custom Roles

When you “choose custom roles”, a new “Grant access to these user roles only” option will appear, which allows you to select multiple custom user roles such as authors, subscribers, and contributors. Only these user roles will be able to access your private files.

(3) No Access Page

Allow you to select which page (or post) to display when users have no access to your protected files. In other words, unauthorized users will be redirected to this no access page. The default no access page is your website 404 page.

Please note that you have to type at least 3 characters for our search to start displaying the corresponding results. For example, when typing “log” on the search box, there are 2 pages on our demo site that match your typing keyword. Simply select the page that you want to.

(4) Search & Replace

This option should be enabled when you are to protect files already embedded in content.

As soon as you enable this option, “Apply to these pages or posts only” will be shown allowing you to choose which pages or posts you want to replace unprotected file URLs in content.

(5) Change Private Link Prefix

Allow you to change “private” prefix of your private download links. By default, your private download links look something like If you change “private” into “membership”, all your private links will become

If this option is enabled, when a file is protected, our plugin will automatically create a new private link for it. This applies to new file uploads only. Our Gold version won’t auto-generate a new private link for existing protected files.

(7) Force Download

Users will be forced to download a media file when they click private links if this option is enabled.


(8) Prevent Hotlinking

Prevent other people from stealing and using your images or files without permission. What it means is that other people cannot just take and embed your file URLs on their own websites anymore. The images won’t be displayed while other documents won’t be accessible.

(9) Disable Directory Listing

Turn on this option if you do not want others to browse and view all of WordPress folders and subdirectories.

(10) Hide WordPress version

Help you prevent attacks from exploiting known vulnerabilities on an old version of WordPress. It is not necessary to enable this option if you always keep your WordPress installation up-to-date.

(11) Block Access to Sensitive Files

Give you a choice in hiding all your sensitive information, such as readme.html, license.txt, and wp-config-sample.php.


(12) Enable Debug Logs

Turn on this option when you get into trouble with our plugin and want us to debug and troubleshoot the issues for you. No personal and sensitive data is tracked. Refer to What happens when enabling Debug Logs?

This option should be enabled only if you’re using or Nginx hostings that don’t support .htaccess rewrite rules.

Once enabled, your private links, for example, will become something like,
instead of as normal.

(14) Remove Data Upon Uninstall

If this option is enabled, your license and ALL related data will be removed from the database upon uninstall. Your license may NOT be used on this website again or elsewhere anymore.

Remember to click “Save changes” to update your settings preferences.

For version 2.0 and below

First, “Enable remote log” allows us to help you track and debug the plugin in case of errors.

Second, “Disable protected files for all logged-in users?” allows all logged-in users including admins and subscribers to see your protected files. What’s more, you can even allow specific roles to see those files by including them in the dropdown below (2).

Next, you can change the prefix of your private URLs on “URL prefix word” field.

Last, you can also automatically protect all future uploaded files by clicking on the checkbox below.

Lasted updated on December 10, 2018