How to Configure the WordPress Prevent Files and Folder Plugin



WordPress Prevent files/folders access provides the easiest way to protect your WordPress files from public users, so that your media library can be accessed only by logged-in WordPress users. Your eBooks, PDFs, and other important files can also be protected from Google indexing, so that your data is protected from being stolen.

We support a security level setting where you can choose either cookie-based or session-based restriction. We also support both Apache and Nginx servers for protecting media files.

WordPress Prevent file/folder access is developed to allow you to protect files in your customized way. It will protect files based on their extension.


Prerequisites: Download and Installation

  • Log into your WordPress instance as an admin.
  • Go to the WordPress Dashboard -> Plugins and click on Add New.
  • Search for the WordPress Prevent file access plugin and click on Install Now.
  • Once installed, click on Activate.


Features With Configuration Steps

The following features are provided by the WordPress Prevent file access plugin.


    1. File Restriction

    This feature allows you to restrict files on the website, based on their extension, from the website's public (non-logged-in) users.


    Follow the steps below to configure this feature:


    • Enter the file extension that you want to restrict on your website in the field provided.
    • Click the Save Settings button.
    • Click on the Show Rules button and select the tab corresponding to your server. You will find the required rules there; update the rules in the corresponding file.

    Apache: The rules need to be updated in the .htaccess file.

    Nginx: The rules need to be updated in nginx.conf.


    2. Protected folder

    If you want to restrict only some selected files, you can put them in the protected folder, and the selected files will be protected from public access.


    Follow the steps below to configure this feature:


    • Go to the Protected Folder tab in the plugin.
    • Click on Choose file -> Select the file to restrict from your system -> Click on Upload.
    • The file will be listed in the restricted files list.
    • Click on the Show Rules button and select the tab corresponding to your server. You will find the required rules there; update the rules in the corresponding file.
    • A folder named protectedfiles will be created in the uploads folder. Files in this folder will be restricted from public users, and only logged-in users will be able to access them.
    • You can remove files by clicking on the Delete button.

    3. Uploads Folder Restrictions

    This feature allows you to restrict access to the complete uploads folder or any subfolder in the uploads folder. You can also select multiple folders inside the Uploads folder and they all will be restricted from public access.


    Follow the steps below to configure this feature:


    • Go to the Folder Restriction tab in the plugin.
    • Click the folders that you want to restrict. You can click on the (+) icon to expand or collapse the corresponding folder.
    • Click the Save Settings button.
    • Click on the Show Rules button and select the tab corresponding to your server. You will find the required rules there; update the rules in the corresponding file.

    4. Custom Folder Restriction

    This feature allows you to restrict access to any folder in your WordPress instance. You just need to enter the folder name, and all the files in that folder will be restricted.


    Follow the steps below to configure this feature:


    • Go to the Folder Restriction tab in the plugin.
    • Enter the folder name in the WP Custom Folder to restrict: field.

      Note: You can assign multiple folders too; just write the folder names separated by commas.

    • Click the Save Settings button.
    • Click on the Show Rules button and select the tab corresponding to your server. You will find the required rules there; update the rules in the corresponding file.

    5. Role-based Folder Restriction

    You can use this feature to restrict access to folders based on WordPress roles. Assign a folder name to the role that can access it; then only users with that role will be able to access that particular folder.


    Follow the steps below to configure this feature:


    • Go to the Folder Restriction tab in the plugin.
    • Click on the toggle button in Role base Folder Restriction. On toggling, the Role base Folder Restriction section will open.
    • Enter the folder names next to each role, so that those folders can be accessed only by the corresponding roles.

      Note: If folder-A is entered for Administrator, folder-B for Editor, and folder-C for Author, the settings imply that:

      • folder-A will be accessed only by Administrators (an Administrator can access any folder in the WordPress instance, irrespective of role restrictions).
      • folder-B will be accessed only by users with the Editor role, and no other role will be able to access folder-B (except Administrator).
      • folder-C will be accessed only by users with the Author role, and no other role will be able to access folder-C (except Administrator).
      • You can also assign multiple folders to a role; just write the folder names separated by commas. For example, if you want Editor to have access to folder-A, folder-B and folder-C, then write folder-A, folder-B, folder-C in the field corresponding to Editor.
    • Click the Save Settings button.
    • Click on the Show Rules button and select the tab corresponding to your server. You will find the required rules there; update the rules in the corresponding file.

    6. User-Based Folder Restriction

    You can use this feature to restrict access to certain folders to certain users only.


    Follow the steps below to configure this feature:


    • Go to the Folder Restriction tab in the plugin.
    • Click on the toggle button in User base Folder Restriction. On toggling, the User base Folder Restriction section will be enabled.
    • Note: Role base Folder Restriction and User base Folder Restriction will not work simultaneously, so make sure only one of these features is active at a time.
    • Click on the Show Rules button and select the tab corresponding to your server. You will find the required rules there; update the rules in the corresponding file.
    • Now go to the Users table in the WordPress admin dashboard and edit the profile of the user to whom you want to give access to a particular folder.
    • Scroll down in the user’s profile to find the Folder Access section.
    • Enter the folders that can be accessed only by that particular user.
    • Click on the Update User button.

    7. Redirection Options

    This feature provides multiple redirect options for restricted files, i.e. if the user doesn't have access to a file, they will be redirected according to the selected redirect option.


    Follow the steps below to configure this feature:


    • Display Custom Page: If a user is not allowed to access a file/folder, you can redirect them to any page of your WordPress site. Follow the steps below to configure this redirect option:
      • Go to the File Restriction tab of the plugin.
      • Under the Redirect Option: section, select Display Custom Page.
      • Under the Redirect to: section, a list of all the pages in your WordPress site will be displayed. Select the page to which you want to redirect non-logged-in users.
      • Click the Save Settings button.
      • Click on the Show Rules button and select the tab corresponding to your server. You will find the required rules there; update the rules in the corresponding file.
    • Redirect to WordPress login: This option will redirect a non-logged-in user trying to access a restricted file or folder to the WordPress login page (wp-login.php). Follow the steps below to redirect to WordPress login:
      • Go to the File Restriction tab of the plugin.
      • Select the Redirect to WordPress login option under Choose Redirect Option:
      • Under Redirect to you will get WordPress login.
      • Click the Save Settings button.
      • Click on the Show Rules button and select the tab corresponding to your server. You will find the required rules there; update the rules in the corresponding file.
    • Redirect to SSO login: This option will redirect a non-logged-in user trying to access a restricted file or folder to the IDP login page. If you have configured the OAuth SSO plugin, the user will be redirected to the login page of the first configured OAuth/OpenID provider; if you have configured the SAML SSO plugin, the user will be redirected to the login page of the first configured IDP. Follow the steps below to redirect to the SSO login page:
      • Go to the File Restriction tab of the plugin.
      • Select the Redirect to SSO login option under Choose Redirect Option:
      • Under the Redirect to option, select OAuth SSO login or SAML SSO login based on the SAML/OAuth SSO plugin you're using.
      • Click the Save Settings button.
      • Click on the Show Rules button and select the tab corresponding to your server. You will find the required rules there; update the rules in the corresponding file.

    8. Security Level Base

    This feature lets you choose how to check whether the user is logged in or not. There are two options available:


    • Cookie: This will check whether the user is logged in or not based on the login cookie in the browser. This method is less secure compared to the session-based security level.
    • Session: This will check whether the user is logged in or not based on the active session of the user on the WordPress site server. This is the most secure method.

    Follow the steps below to set up the desired Security Level Base on your WordPress site:

    • Go to the File Restriction tab of the plugin.
    • Under Security Level Base:, select the desired option.
    • Click the Save Settings button.
    • Click on the Show Rules button and select the tab corresponding to your server. You will find the required rules there; update the rules in the corresponding file.

Server Selection

Make sure you have selected the correct server on which your website is running.

Note: For some hosting providers, you might need to contact the hosting provider's support to update the rules in nginx.conf. Please make sure that your hosting provider is ready to upload the rules. The same applies to all the plugin features.
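
A quick check to run after updating the rules, added here as an example (it is not part of the plugin or its documentation): it requests restricted URLs as an anonymous visitor, with no cookies, and reports whether the server redirects or denies them. The example.com host and the file name are placeholders, and the wp-content/uploads location of protectedfiles assumes the default WordPress uploads folder.

```shell
#!/bin/sh
# Added example: confirm that the restriction rules are live for anonymous visitors.
# Usage (placeholder URL, substitute your own canonical https URLs):
#   sh check_rules.sh https://example.com/wp-content/uploads/protectedfiles/report.pdf
# Use the final scheme and host, so that an http->https or www redirect
# is not mistaken for the restriction itself.

# classify_status CODE -> prints restricted | exposed | missing | unknown
classify_status() {
    case "$1" in
        301|302|303|307|308|401|403) echo restricted ;;  # redirected or denied
        200|206)                     echo exposed ;;     # file served to the public
        404)                         echo missing ;;     # wrong path, nothing proven
        *)                           echo unknown ;;     # timeout, 5xx, etc.
    esac
}

# probe URL -> prints the HTTP status of an anonymous request.
# No cookie jar is used and redirects are not followed.
probe() {
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1"
}

# audit URL... -> one "verdict code url" line per URL;
# returns 1 if any URL is not restricted, so it can gate a deployment.
audit() {
    rc=0
    for url in "$@"; do
        code=$(probe "$url") || code=000
        verdict=$(classify_status "$code")
        printf '%s %s %s\n' "$verdict" "$code" "$url"
        [ "$verdict" = restricted ] || rc=1
    done
    return $rc
}

# Run only when URLs are passed on the command line.
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

An "exposed" result after editing nginx.conf or .htaccess usually means the server has not loaded the new rules yet, or that the rules were placed in a file the server does not read.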



Custom Requirements

If you have any questions or any other use cases that you would like to discuss with our team of engineers, please feel free to reach out at oauthsupport@xecurify.com and we will get back to you in under 24 hours to understand your detailed use case and make customizations according to your requirements.