Web Hosting Compatibility

Prevent Direct Access (PDA) Gold and its extensions are compatible with 96.9% of web hosts out there including Bluehost and Pagely.

In particular, PDA Gold works out of the box with almost all hosts running on Apache and LiteSpeed servers – without any extra setup or complex configuration.

In case our plugin is somehow unable to put our rewrite rules on your .htaccess automatically, you should try to do it manually.

However, due to some specific set up of certain hosting platforms, there are some considerations and configurations listed below.

If you come across a hosting company that doesn’t recommend PDA Gold, please let us know so that we can contact and work them directly to make their hosting servers compatible with our PDA Gold.

While we’re trying our best to list all compatible hosts that we or our customers have installed and used our plugins below, this is by no means a comprehensive list of compatible hosts. If your web hosting is not listed here, it doesn’t mean their hosting is not compatible with PDA Gold. In fact, it actually means PDA Gold works just great on their hosting servers. So there is nothing that you should take note of them here.

InMotion Hosting

InMotion Hosting comes with a WordPress-optimized server which utilizes Nginx as a reverse proxy in front of Apache. They provide you with a Cache Manager tool to manage the cached resources.

However, there is a bug in their Cache Manager’s Bypass URL setting that stops our PDA Gold from working properly.

We have contacted InMotion both directly and on behalf of our customers. Here’s a reply from their chat support in quotes:

Thanks for holding. There is a way that can be done, however we in Support wouldn’t be able to advise you how to do that. You would need to speakk with the Managed Hosting Team. They would be able to advise you and/or configure that for you.   Unfortunately its outside of the scope of support for the standard Support team. I’m sorry

You can email them at advanced@inmotionhosting.com

I wouldn’t be able to email them for you I’m sorry. You would have to email them directly

That’s not helpful at all but we did follow up and contact their so-called “advanced support”. So did our customer. However, we haven’t got a reply, let alone a solution to this issue.

Overall, we find InMotion support (both live chat, ticketing system, and email support) very disappointing. They either keep pushing the responsibility to someone else or just stay silent. It usually took them 3-4 working days just to reply to a simple email. In short, we would not recommend InMotion Hosting to our customers at all.

Solutions:

  1. Disable Cache Manager tools on InMotion Hosting OR
  2. Enable our Raw URLs OR
  3. Simply change to a better hosting provider such as SiteGround or Bluehost

SiteGround

Update: SiteGround has made a major upgrade on its caching system since early 2020. As a result, our Prevent Direct Access Gold plugin is now working seamlessly with SiteGround without any extra configurations.

  • If you’re using NGINX Direct Delivery caching option, you can enable Raw URLs and use it with some limitations.

    • At the moment, SiteGround doesn’t provide us with an option to exclude our _pda folder from the NGINX Direct Delivery caching.
    • The good news is they’re currently working on it. According to their support, you can expect the option to be available soon, possibly in the upcoming months.

  • Otherwise, you don’t have to do anything else. Our PDA Gold works perfectly with the Dynamic Cache option.

There is a known issue with SiteGround static and dynamic (which requires the static cache to be enabled) cache. Our team has confirmed with SiteGround support and they have also acknowledged that:

  • Protected files including documents and images will always be cached immediately upon access from an authorized WordPress user. As a result, they will then be accessible to all of your visitors, which stops our File Access Permission from working properly.
  • Static content such as documents and images cannot be excluded via the Dynamic cache exclude feature (SG Optimizer plugin). This feature allows you to exclude dynamic web pages only.

Solution: Since it’s a serious limitation from SiteGround affecting the file protection of our plugin, we recommend:

  • Disable Dynamic (and Static) cache but keep SiteGround Memcache enabled still
  • Install a good cache plugin such as WP Fastest Cache or WP Rocket

Our team is still working closely with SiteGround support to find a better solution to this problem. SiteGround support is awesome, by the way.

GoDaddy

We’re using cookies to check our File Access Permission, i.e. whether the user is logged in or not. However, there are some cookie issues reported by our customers using GoDaddy. Cookies are sometimes striped or altered from the file requests, which leads to incorrect file protection.

“Connection”:“close”,“X-Host”:“dfatrustportal.com”,“X-Forwarded-Type”:“ssl”,“Accept-Encoding”:“gzip”,“X-Varnish”:“1636331016",X-Cookies:“wordpress_logged_in_99896915edcff0e954a694828fb9aca9=admin02%7C1556245653%7COHJJFFBqB8zzIXZvwpSDjRXQHoWe6HOhluTxnGVxFGR%7C4939dea04f7b78cee17e239004c480f4471f11d3adb8b5253cfd0db7e7de9f35;

Update: We have tweaked our codes for our functions to work properly with Go Daddy’s altered cookies. This cookies issue has been resolved since our PDA Gold version 3.1.0.

Godaddy’s Managed WordPress hosting also comes with a caching feature making use of Apache Traffic Server (ATS). While this speeds up your website’s load time, the server also caches all file requests coming from your website. As a consequence, your private files will be no longer protected by our plugin.

Solutions: simply enable our Raw URLs settings option before you protect any files. You should:

  • Always use our raw URLs, e.g. http://godaddy-website.com/index.php?pda_v3_pf=/_pda/2019/05/protected-file.pdf (1)
  • Never use direct file URLs, e.g. http://godaddy-website.com/wp-content/uploads/_pda/2019/05/protected-file.pdf (2)

Your file URL is automatically changed to our raw URL once you’ve enabled our settings option.

Once a protected file direct URL (2) is accessed, i.e. by an admin, it’s cached by Godaddy’s cache server. So, anyone will be able to view it (without having to log in or have the right File Access Permission). In this case, you should clear (flush) the cache:

Our Raw URLs (1) won’t be cached by Go Daddy’s cache server.

Pantheon

According to our customer’s report, Pantheon.io does not allow Nginx rewrite rule customization. You have to enable our Raw URLs settings option for our plugin to work properly on your website. Please confirm with Pantheon.io support team.

Follow this tutorial for our PDA Gold to work on Pantheon.

Namecheap

Namecheap is using the Nginx server. What you need to do is simply reaching out to their support and ask them to implement our custom Nginx rewrite rules.

Me: Hello... I want to implement custom rewrite rules

Namecheap CS: Please specify the exact rule you want to set.

Me: Here you go:

rewrite wp-content/uploads(/_pda/.*\.\w+)$ "/index.php?pda_v3_pf=$1" last;
rewrite private/([a-zA-Z0-9-_]+)$ "/index.php?pda_v3_pf=$1&pdav3_rexypo=ymerexy" last;

Make sure you clear Namecheap cache after implementing those rules for our protection to work properly.

Bluehost

If your protected files are still public, it might be due to one of the following reasons.

1. The rewrite rules haven’t inserted into the .htaccess file

To protect WordPress rules, our plugin needs to add some redirect rules to the .htaccess file. The process should be done automatically during the plugin activation.

That said, if you don’t see our rewrite rules in the .htaccess file, simply follow the 2 steps below to fix it.

  1. Navigate to Settings >> Permalinks from your admin dashboard and update the link format (that should be different from the Plain option).
  2. Go to our PDA settings page and click on the “Save changes” button. Our plugin will try to add the rewrite rules for you again.

2. The files are cached with Cloudflare

Cloudflare is now automatically enabled on active Bluehost websites by default.

Therefore, you might need to access your Bluehost account and clear the cache for the protected file URLs.

You should also contact the support team and require them to exclude the _pda folder from Cloudflare’s cache.

34SP.com

34SP.com is using the Nginx server. What you need to do is simply reach out to their support and ask them to implement our custom Nginx rewrite rules as following:

   location ~ "^/private/([a-zA-Z0-9-_]+)$" {

        rewrite  ^/private/([a-zA-Z0-9-_]+)$ /index.php?pda_v3_pf=$1&pdav3_rexypo=ymerexy last;
    
   }

    location ~ "^/wp-content/uploads(/_pda/.*\.\w+)$" {

        rewrite  ^/wp-content/uploads(/_pda/.*\.\w+)$ /index.php?pda_v3_pf=$1 last;

    }

Hosting Providers & Solutions

No config neededUse Raw URLsImplement
Rewrite Rules
Bluehostaruba.itNamecheap
PagelyInMotion Hosting
Other Apache &
LiteSpeed-based
SiteGround
GoDaddy
Lasted updated on November 22, 2021