I have a restricted area on a website that can only be accessed by logged in users. For that I created a page template with a ‘current_user_can()’ condition.
My problem is that the documents attached to the restricted pages are still accessible to anyone if you put the complete path into the browser’s address bar.
Is there a way to restrict the access to uploaded files?
EDIT: I want to clarify, the files should be accessible only to logged-in users.
This isn’t really a WordPress question – but you can add a rewrite rule to prevent access unless the referrer is your own domain.
[Update]
You’ll need to do 2 things:
- Add a rewrite rule (either directly with .htaccess or by using WP_Rewrite (Codex reference)). The aim here is to deny requests to your documents that don’t have your domain as a referrer – this stops people pasting the link into a browser’s address bar.
- Wrap your download links in an is_user_logged_in (Codex reference) conditional block – that way they will only show up on the page if the user is logged in.
A code example is available in a related question:
- protect wordpress uploads, if user is not logged in
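
Added example, not code from the original question, the answer, or the linked thread: one way to meet the "only logged-in users" requirement is to have the rewrite rule hand every request under the uploads directory to a small PHP script that runs the `is_user_logged_in()` check on the server before any bytes are sent, since the Referer header is supplied by the client. The script name `dl-file.php`, its location in the WordPress root, and the rewrite rule in the comment are assumptions (Apache with mod_rewrite).

```php
<?php
// dl-file.php (hypothetical name), placed in the WordPress root.
// Assumed .htaccess rule in the same directory, placed before the WordPress
// rules, so that direct URLs to uploaded files reach this script:
//   RewriteEngine On
//   RewriteRule ^wp-content/uploads/(.+)$ dl-file.php?file=$1 [QSA,L]

require_once __DIR__ . '/wp-load.php';   // boot WordPress so the auth cookie is parsed

// Enforce the login check on the server for every file request.
if ( ! is_user_logged_in() ) {
    auth_redirect();                      // redirects to the login page and exits
}

$uploads = wp_upload_dir();
$base    = realpath( $uploads['basedir'] );
$request = isset( $_GET['file'] ) ? wp_unslash( $_GET['file'] ) : '';

// Resolve the requested path and refuse anything that ends up outside the
// uploads directory (for example via "../") or that is not a regular file.
$path = realpath( $base . '/' . $request );
if ( false === $base || false === $path
    || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR )
    || ! is_file( $path ) ) {
    status_header( 404 );
    exit( 'File not found.' );
}

// Only serve file types WordPress itself allows to be uploaded.
$type = wp_check_filetype( $path );
if ( empty( $type['type'] ) ) {
    status_header( 403 );
    exit( 'Forbidden.' );
}

nocache_headers();                        // keep private files out of shared caches
header( 'Content-Type: ' . $type['type'] );
header( 'Content-Length: ' . filesize( $path ) );
header( 'X-Content-Type-Options: nosniff' );
readfile( $path );
exit;
```

To check the setup, request an uploaded file's full URL from a browser session with no WordPress login cookie; the response should be a redirect to the login page rather than the file.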