How to Protect WordPress Media Files

If you’re looking to protect the media files you upload to your WordPress website, this is the guide for you.

In this guide, we’ll explore the limitations of WordPress protect media files and what you can do to protect them more securely.

Specifically, we’ll walk you through:

• The benefits of protecting WordPress media files.
• Limitations of WordPress in protecting media files.
• A tool you can use to protect WordPress media files.

But first, let’s explore the benefits of protecting your WordPress media files.

The benefits of protecting WordPress media files

WordPress media files are any images, videos, audio files, or other types of documents that are uploaded to a WordPress site. These files can be used in a variety of ways, such as in blog posts, pages, and product listings. However, it is important to protect WordPress media files from unauthorized access and theft.

Who would benefit from protected media files?

There are many different types of websites and owners who would benefit from protecting their WordPress media files. Some examples include:

• Photographers: Photographers can use WordPress to showcase their work and sell prints and digital downloads. Protecting their media files ensures that only authorized users can access them.
• Bloggers: Bloggers often use a variety of media files in their posts, such as images, videos, and infographics. Protecting these files helps to prevent unauthorized use and copyright infringement.
• Ecommerce sites using WooCommerce: Ecommerce sites typically use media files to display product images and videos. Protecting these files helps to prevent them from being copied and used by other businesses.
• Membership sites: Membership sites often offer exclusive content to their members, such as images, videos, and e-books. Protecting these files helps to ensure that only paying members can access them. Using the tool in this guide will work for such sites that don’t need all the features of a fully-fledges membership plugin.

What are the benefits of using WordPress to protect media files?

There are many benefits to protecting WordPress media files, including:

• Preventing unauthorized access: By protecting your media files, you can prevent unauthorized users from accessing them. This can help to protect your privacy and prevent your files from being stolen or used for malicious purposes.
• Safeguarding copyrighted material: If you own the copyright to any of the media files on your WordPress site, it is important to protect them from unauthorized use. This can help to prevent copyright infringement and protect your financial interests.
• Prevent malware infections: Hackers often target media files to infect websites with malware. When you prevent direct access, you’ll make it more difficult for hackers to compromise your site.
• Give you peace of mind: Knowing that your media files are protected can give you peace of mind and allow you to focus on other aspects of running your website.

So now we know the benefits, let’s talk about WordPress.

Limitations of WordPress in protecting media files

WordPress is a powerful content management system (CMS) that allows users to create and manage websites of all kinds. One of the features of WordPress is the ability to upload and store media files, such as images, videos, and audio files. These files can then be used in blog posts, pages, and other content on the website.

How WordPress lets you upload files

There are two ways to upload files to WordPress:

• Media Library: The WordPress Media Library is a built-in feature that allows users to upload and manage media files from the WordPress dashboard. You can add pretty much any file type to the Media Library and it’s very easy to use.

• wp-content/uploads file path via FTP: Users can also upload files to WordPress by connecting to the server using FTP (File Transfer Protocol) and uploading the files to the wp-content/uploads directory.

These two methods are pretty standard, but how are the files protected?

How WordPress protects media files

WordPress itself does not offer many options for protecting media files. By default, all uploaded media files are stored in the wp-content/uploads directory, which is accessible to anyone who knows the URL.

This can be a security concern, especially for websites that store sensitive or valuable media files.

For example, any user who knows the URL of the wp-content/uploads directory can access the media files stored there. This means that unauthorized users could potentially access and download sensitive or valuable media files.

WordPress media files are also vulnerable to tampering by unauthorized users. For example, a hacker could inject malicious code into a media file or modify the file in a way that causes it to distribute malware to visitors to your site. It is important to have a way to verify the integrity of your media files to ensure that they have not been tampered with.

So, with these security concerns in mind, how can we protect WordPress files on our websites? Well, to give your media files the protection they need, you’ll need the help of a tool.

The need for a plugin: introducing Filr

Filr is a file protection WordPress plugin that allows you to protect your WordPress media library files in a few different ways. Let’s say you want to protect your PDF uploads from not only site visitors, but specific user roles too.

Filr allows you to do the following:

• Encrypt File IDs – this masks the attachment ID in the URL which is added by default in WordPress. By masking this (hiding it from view), you’ll prevent unauthorized viewers from finding the original source URL of the file.
• Set secure download links – this hides the path to the file and instead shows a short URL as a link to the media file. This means unwanted users can’t see how to get to the file itself through your media uploads folder.
• Restrict access via .htaccess or index.php – with Filr, you can automatically create an index.php file that will hide the content of your download directory, or use .htaccess to prevent browsing of your uploads directory via a 403 (forbidden access) code. This also has the added benefit of restricting access by search engines like Google.
• Restrict file access via emails or user role – you’ll also be able to restrict access to specific file uploads via setting user role and email restriction.
• Restrict file uploads via user role and email – should you want to allow users to upload their own files to your website, you can restrict who has access to this via user roles and email addresses. This way only the people you want will be able to upload new files.

That’s a lot of protection in one plugin! Filr not only allows you to create private files, but protect your WordPress uploads, and create private download links too.

So, with all this in mind, let’s get it set up and take a closer look in the next tutorial section.

How to WordPress protect media files with Filr

To use Filr to protect your WordPress media files, you’ll first need to purchase the Filr plugin: https://patrickposner.com/filr/

Then, take the following steps to get it installed:

1. Go to Plugins > Add New on your WordPress dashboard and click the Upload Plugin button. 
2. Select the ZIP file of the extension you previously downloaded and click Install. 
3. When the installation is done, click on Activate Now. 
4. Enter the license key and click Agree & Activate, and that’s it.

Now that we have Filr installed, let’s get to securing your WordPress website.

Step 1: Secure all files via encryption

The first step is to get your file directory in WordPress admin secured. This is the step where we’ll pick our protection method and secure our links.

The good news is, doing this only takes a few clicks and Filr takes care of the rest:

1. From your WordPress dashboard, go to Filr > Settings and click the Status tab at the top of the page.
2. The first thing we’ll need to do is select our Protection Mode. You have a few options here depending on what you’re after, but for full protection, we recommend .htaccess file.
3. Next, you’ll want to click on the toggle button next to Secure download links. This will create the short URL file path to all media uploads.
4. Lastly, click the toggle button next to Encrypt File-ID in URL. This will replace the file ID with one Filr has created.
5. Once you’re happy with these changes, save them.

So now we have your secure foundation set. Next, we’ll walk you through securing a specific media file to not prevent unauthorized website visitors from even seeing it on your website.

Step 2: Protect a specific media file

For this step, we’re going to upload a file we want to protect to WordPress, restrict access via a user role, and then we’re going to make it invisible to non-logged-in users.

To do this, take the following steps:

1. From your WordPress dashboard, go to Filr > Add New to create a new file we can protect.
2. Upload your file to the uploader (this can be anything from a jpeg, to a png, PDF, and more).

3. Once done, on the right, you’ll see the User Options section. It’s here you can restrict this file, either by email or user role. In this case, we’re going to restrict this file to Editors only.

4. Publish your file and copy the File Download URL from the top of the page.

If this is all you need to do, you can stop here. But if you’d like to add this file to a WordPress page or post and prevent guest users from seeing it, we’ll show you how.

1. From your WordPress dashboard, go to Pages > Add New.
2. Give your page a title as you usually would, and add your page content.
3. To add your image, paste in the Download URL you copied from earlier. The image will then appear.

This image will only be visible to users who are logged in with the user role Editor. Anybody else viewing the site, will see nothing.

Protect your WordPress media files today

It doesn’t matter if you’re uploading jpgs, gifs, or important documents. The files you upload to your WordPress website should be as secure as possible.

WordPress gives us great control over uploading and storing files, but to secure them, we need a little extra help.

This is where Filr comes in, the best WordPress plugin for not only protecting your media files, but by restricting them, allowing user uploads, organizing them, and so much more.

If you want full control over your files in WordPress, Filr has your back.