Prevent Direct Access (PDA) Gold and its extensions are compatible with 96.9% of web hosts out there including Bluehost and Pagely.
In particular, PDA Gold works out of the box with almost all hosts running on Apache and LiteSpeed servers – without any extra setup or complex configuration.
In case our plugin is somehow unable to put our rewrite rules on your .htaccess automatically, you should try to do it manually.
However, due to some specific set up of certain hosting platforms, there are some considerations and configurations listed below.
- InMotion
- SiteGround
- Godaddy
- Namecheap
- Bluehost
- 34SP.com
- Nginx hosting servers
- Other hosting providers & solutions
If you come across a hosting company that doesn’t recommend PDA Gold, please let us know so that we can contact and work them directly to make their hosting servers compatible with our PDA Gold.
InMotion Hosting
InMotion Hosting comes with a WordPress-optimized server which utilizes Nginx as a reverse proxy in front of Apache. They provide you with a Cache Manager tool to manage the cached resources.
However, there is a bug in their Cache Manager’s Bypass URL setting that stops our PDA Gold from working properly.
We have contacted InMotion both directly and on behalf of our customers. Here’s a reply from their chat support in quotes:
Thanks for holding. There is a way that can be done, however we in Support wouldn’t be able to advise you how to do that. You would need to speakk with the Managed Hosting Team. They would be able to advise you and/or configure that for you. Unfortunately its outside of the scope of support for the standard Support team. I’m sorry
You can email them at advanced@inmotionhosting.com
I wouldn’t be able to email them for you I’m sorry. You would have to email them directly
That’s not helpful at all but we did follow up and contact their so-called “advanced support”. So did our customer. However, we haven’t got a reply, let alone a solution to this issue.
Overall, we find InMotion support (both live chat, ticketing system, and email support) very disappointing. They either keep pushing the responsibility to someone else or just stay silent. It usually took them 3-4 working days just to reply to a simple email. In short, we would not recommend InMotion Hosting to our customers at all.
Solutions:
- Disable Cache Manager tools on InMotion Hosting OR
- Enable our Raw URLs OR
- Simply change to a better hosting provider such as SiteGround or Bluehost
SiteGround
Update: SiteGround has made a major upgrade on its caching system since early 2020. As a result, our Prevent Direct Access Gold plugin is now working seamlessly with SiteGround without any extra configurations.
- If you’re using NGINX Direct Delivery caching option, you can enable Raw URLs and use it with some limitations.
- At the moment, SiteGround doesn’t provide us with an option to exclude our _pda folder from the NGINX Direct Delivery caching.
- The good news is they’re currently working on it. According to their support, you can expect the option to be available soon, possibly in the upcoming months.
- Otherwise, you don’t have to do anything else. Our PDA Gold works perfectly with the Dynamic Cache option.
There is a known issue with SiteGround static and dynamic (which requires the static cache to be enabled) cache. Our team has confirmed with SiteGround support and they have also acknowledged that:
- Protected files including documents and images will always be cached immediately upon access from an authorized WordPress user. As a result, they will then be accessible to all of your visitors, which stops our File Access Permission from working properly.
- Static content such as documents and images cannot be excluded via the Dynamic cache exclude feature (SG Optimizer plugin). This feature allows you to exclude dynamic web pages only.
Solution: Since it’s a serious limitation from SiteGround affecting the file protection of our plugin, we recommend:
- Disable Dynamic (and Static) cache but keep SiteGround Memcache enabled still
- Install a good cache plugin such as WP Fastest Cache or WP Rocket
Our team is still working closely with SiteGround support to find a better solution to this problem. SiteGround support is awesome, by the way.
GoDaddy
We’re using cookies to check our File Access Permission, i.e. whether the user is logged in or not. However, there are some cookie issues reported by our customers using GoDaddy. Cookies are sometimes striped or altered from the file requests, which leads to incorrect file protection.
“Connection”:“close”,“X-Host”:“dfatrustportal.com”,“X-Forwarded-Type”:“ssl”,“Accept-Encoding”:“gzip”,“X-Varnish”:“1636331016",“X-Cookies”:“wordpress_logged_in_99896915edcff0e954a694828fb9aca9=admin02%7C1556245653%7COHJJFFBqB8zzIXZvwpSDjRXQHoWe6HOhluTxnGVxFGR%7C4939dea04f7b78cee17e239004c480f4471f11d3adb8b5253cfd0db7e7de9f35;
Update: We have tweaked our codes for our functions to work properly with Go Daddy’s altered cookies. This cookies issue has been resolved since our PDA Gold version 3.1.0.
Godaddy’s Managed WordPress hosting also comes with a caching feature making use of Apache Traffic Server (ATS). While this speeds up your website’s load time, the server also caches all file requests coming from your website. As a consequence, your private files will be no longer protected by our plugin.
Solutions: simply enable our Raw URLs settings option before you protect any files. You should:
- Always use our raw URLs, e.g.
http://godaddy-website.com/index.php?pda_v3_pf=/_pda/2019/05/protected-file.pdf
(1) - Never use direct file URLs, e.g. http://godaddy-website.com/wp-content/uploads/_pda/2019/05/protected-file.pdf (2)
Your file URL is automatically changed to our raw URL once you’ve enabled our settings option.
Once a protected file direct URL (2) is accessed, i.e. by an admin, it’s cached by Godaddy’s cache server. So, anyone will be able to view it (without having to log in or have the right File Access Permission). In this case, you should clear (flush) the cache:
Our Raw URLs (1) won’t be cached by Go Daddy’s cache server.
Pantheon
According to our customer’s report, Pantheon.io does not allow Nginx rewrite rule customization. You have to enable our Raw URLs settings option for our plugin to work properly on your website. Please confirm with Pantheon.io support team.
Follow this tutorial for our PDA Gold to work on Pantheon.
Namecheap
Namecheap is using the Nginx server. What you need to do is simply reaching out to their support and ask them to implement our custom Nginx rewrite rules.
Me: Hello... I want to implement custom rewrite rules Namecheap CS: Please specify the exact rule you want to set. Me: Here you go: rewrite wp-content/uploads(/_pda/.*\.\w+)$ "/index.php?pda_v3_pf=$1" last; rewrite private/([a-zA-Z0-9-_]+)$ "/index.php?pda_v3_pf=$1&pdav3_rexypo=ymerexy" last;
Make sure you clear Namecheap cache after implementing those rules for our protection to work properly.
Bluehost
If your protected files are still public, it might be due to one of the following reasons.
1. The rewrite rules haven’t inserted into the .htaccess file
To protect WordPress rules, our plugin needs to add some redirect rules to the .htaccess file. The process should be done automatically during the plugin activation.
That said, if you don’t see our rewrite rules in the .htaccess file, simply follow the 2 steps below to fix it.
- Navigate to Settings >> Permalinks from your admin dashboard and update the link format (that should be different from the Plain option).
- Go to our PDA settings page and click on the “Save changes” button. Our plugin will try to add the rewrite rules for you again.
2. The files are cached with Cloudflare
Cloudflare is now automatically enabled on active Bluehost websites by default.
Therefore, you might need to access your Bluehost account and clear the cache for the protected file URLs.
You should also contact the support team and require them to exclude the _pda
folder from Cloudflare’s cache.
34SP.com
34SP.com is using the Nginx server. What you need to do is simply reach out to their support and ask them to implement our custom Nginx rewrite rules as following:
location ~ "^/private/([a-zA-Z0-9-_]+)$" { rewrite ^/private/([a-zA-Z0-9-_]+)$ /index.php?pda_v3_pf=$1&pdav3_rexypo=ymerexy last; } location ~ "^/wp-content/uploads(/_pda/.*\.\w+)$" { rewrite ^/wp-content/uploads(/_pda/.*\.\w+)$ /index.php?pda_v3_pf=$1 last; }
Hosting Providers & Solutions
No config needed | Use Raw URLs | Implement Rewrite Rules |
---|---|---|
Bluehost | aruba.it | Namecheap |
Pagely | InMotion Hosting | |
Other Apache & LiteSpeed-based | SiteGround | |
GoDaddy |