Along with pages and posts, media files play a key role in every WordPress site. They help enhance your site, illustrate products/services, and liven your stories up. Without visual content, it’s not a complete website at all.
WordPress provides a built-in Media Library enabling you to upload, store, and manage your images, videos, documents, etc. Any user roles having access to the WordPress dashboard are able to access all of your files. This creates an inconvenient experience, especially when you have private areas on your site.
To prevent this, you can restrict the WordPress media library permissions so the users can view their files only. In this article, we’ll explain why you need to restrict media file access in the library as well as introduce 2 ways to achieve that in detail. A bonus tip to protect WordPress files will wrap this article.
Let’s hop in!
Why You Need to Restrict Media Library Access
As mentioned, WordPress gives logged-in users like admins, editors, authors, or even guest authors the right to view any files inside the media library. There would be no problem if you have a website for internal users only. Your teammates can freely upload images or view other members’ files.
In case you have a lot of users accessing your WordPress, managing certain restrictions appears necessary. Take a client project-shared website as an example. You upload a PDF document to the Library to share the project with client A, but client B logs in, and he can still see it. Not only does this annoy customers’ experience but also affects your brand’s image.
There are 2 different methods to restrict WordPress library access. You can either add code to the theme functions.php file or make use of a plugin. The former way best suits tech-savvy users who are familiar with coding while the latter is more suitable for non-techies.
How to Manually Change WordPress Media Library Permissions
Before making any changes to code, you must create a backup of your site and add code to the child theme file. This helps avoid losing data and keeps your site safe. When an error occurs, you can restore the previous version of the website.
The following guide shows you how to add code to the theme file and impose media library restrictions.
- Open Appearance > Theme Editor in your WordPress admin dashboard
- Choose Theme Functions (functions.php) file under the Theme Files menu
- Insert the code below to the file
[ht_message mstyle=”info” title=”” show_icon=”” id=”” class=”” style=”” ]add_filter( ‘ajax_query_attachments_args’, ‘wpb_show_current_user_attachments’ ); function wpb_show_current_user_attachments( $query ) { $user_id = get_current_user_id(); if ( $user_id && !current_user_can(‘activate_plugins’) && !current_user_can(‘edit_others_posts’) ) { $query[‘author’] = $user_id; } return $query; } [/ht_message] - Update the file
To explain how the code works, you’re forcing WordPress to find the “edit_others_posts” filter in each user’s profile. If WordPress can’t find this, your users are not allowed to view others’ files. They just can see their own uploads.
Manage WordPress Media Library Permissions Using Plugin
Don’t want to risk your site performance by changing the theme files? Installing a third-party plugin would be a smart choice.
We recommend Restrict Media Library Access for your library access management. Actively installed in over 2 thousand WordPress sites, this is the most popular media library permission plugin currently.
The plugin primarily limits access for authors and contributors to see their own file uploads. This won’t mess their uploads with others and saves their time when finding old files. Bear in mind that, admins and editors can still view everyone’s uploads.
All you need to do is install the plugin and have it handle the job automatically.
- Go to Plugins > Add New in your admin dashboard
- Type ‘restrict media library access’ in the keyword box
- Click the Install Now and Activate buttons
That’s it!
Protect WordPress Media Files
You can stop authors and contributors from viewing others’ files in the library of the backend. Have you ever thought of preventing access to your files against unauthorized users from the front end?
Luckily, you have the PDA Gold plugin at hand. The plugin allows you to block unwelcomed users from opening or downloading media files on your site. They will be redirected to a 404 not found page when attempting to view your image or PDF document.
To grant permitted users access to your protected files, you can create and send them unique private download links.
To start using the plugin, you need to:
- Install and activate PDA Gold on your WordPress site. It will add a new Prevent Direct Access Gold to your admin menu.
- Head to the Media Library.
- Look for the file you intend to protect.
- Hover its name and click ‘Protect’ under it.
- Click ‘Configure file protection.’
- Auto-generate new random private download links or customize your own ones.
It’s possible for you to set the link expiry date or expiration to make it expire after a specific day or a number of clicks. As a result, users won’t be able to download your files once the links expire.
The plugin also discourages search engines from indexing your private files. In other words, users can’t catch them up randomly on search results.
PDA Gold protects unlimited files of any format. You can secure images (PNG, JPG), videos (MP4, MOV), or audio (MP3).
Manage WordPress Media Library Permissions Effectively
Since WordPress lets authors see uploads of others, to stop this, you should control your WordPress media library permissions in the right way.
We’ve shown you 2 methods to change the library visibility for authors and contributors. You can add code to the functions.php file or use the Restrict Media Library Access plugin. If you manually do it, remember to back up your site and insert custom code to the child theme. Installing a plugin will help you get rid of these headaches.
Plan to protect files so that visitors can’t view them? Let’s give PDA Gold a try! Its how-to-guide is already included above.
