We all know that the files we upload to our WordPress websites are normally stored inside the uploads folder, and the link to each file is open for anyone to view or download. In some cases, we may need to upload a file that only logged-in users should be able to access. The condition can be anything we want, but the main goal is to restrict the download if the user does not meet our condition. So, today I want to share a very simple method of doing this. I admit it is not the best possible solution, but it serves the purpose of what I was doing. If you have a better way to do this easily without plugins or too many modifications, please feel free to share!
The Process
In this tutorial, I will restrict non-logged-in users from downloading files. Suppose you have a list of files that you only offer to your registered users. You have the files uploaded in WordPress and you have them listed on a member-only page. That provides basic prevention of file sharing with non-logged-in users.
However, if the user just copies the URL and shares it with others, the file will still be available to the public without them having to even log in to your website.
That’s where we add our extra protection. When the user accesses the download link, WordPress will check whether the user is logged in. If not, they will be redirected to the login page, which will then redirect them to the file once they finish logging in.
You might be wondering: we just talked about a user copying the link and sharing it, so how will we add our extra bit of protection?
Well, we will not use the direct link to the file. Instead, we will take the user to a page (let’s call it the intermediary page) that checks whether the user is logged in before allowing the download.
The Code
We need to add a new page template for the intermediary page. Then we just replace the direct links with our customized links.
Our download links will be like this:
https://oursite.dev/download?file={file_ID}
Let’s create a page template inside our theme folder called “page-download.php”. Copy the following code to that file.
<?php
/* Template Name: Download File */
defined( 'ABSPATH' ) || exit;
require_once( ABSPATH . 'wp-load.php' );

if ( ! is_user_logged_in() ) {
    // Not logged in: send the visitor to the login page.
    if ( isset( $_GET['file'] ) ) {
        // Come back to this download link after a successful login.
        $file_id = intval( $_GET['file'] );
        wp_redirect( wp_login_url( '/download?file=' . $file_id ) );
        exit();
    } else {
        wp_redirect( wp_login_url() );
        exit();
    }
} else {
    if ( isset( $_GET['file'] ) ) {
        $file_id   = intval( $_GET['file'] );
        $file      = get_attached_file( $file_id );
        $file_mime = get_post_mime_type( $file_id );

        // Stop if the ID does not map to a file on disk.
        if ( ! $file || ! file_exists( $file ) ) {
            status_header( 404 );
            exit();
        }

        /* == Download File ==
        header('Content-Type: application/octet-stream');
        header("Content-Transfer-Encoding: Binary");
        header("Content-disposition: attachment; filename=\"" . basename($file) . "\"");
        readfile( $file );
        */

        /* == Open File == */
        header( 'Content-Length: ' . filesize( $file ) );
        header( 'Content-Type: ' . $file_mime );
        // The whole header must be on one line; the filename is quoted.
        header( 'Content-Disposition: inline; filename="' . basename( $file ) . '"' );
        header( 'Expires: 0' );
        header( 'Cache-Control: must-revalidate, post-check=0, pre-check=0' );
        readfile( $file );
        exit();
    }
}
You can let the user either download the file or open the file. Based on your requirement, you can comment or uncomment the relevant parts of the code.
Now create a new page called “Download” and select the created page template from the Page Attributes. Try downloading a file while you are not logged in, and you will be redirected to the login page.
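The template passes whatever `get_attached_file()` returns for a user-supplied ID straight to `readfile()`. The following is an added example, not part of the original tutorial, of checks that could run before the `header()` calls; the function names `tut_path_inside()`, `tut_disposition()` and `tut_resolve_download()` are hypothetical and would live in the theme's `functions.php`.

```php
<?php
// Added example: validation helpers for the download template (names are hypothetical).

/**
 * Return the canonical path of $file only if it is a regular, readable file
 * located inside $base_dir; otherwise return null.
 */
function tut_path_inside( string $file, string $base_dir ): ?string {
    $real_file = realpath( $file );      // resolves symlinks and ".." segments
    $real_base = realpath( $base_dir );
    if ( false === $real_file || false === $real_base ) {
        return null;
    }
    $prefix = rtrim( $real_base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    if ( 0 !== strpos( $real_file, $prefix ) ) {
        return null;                     // file lives outside the uploads tree
    }
    return ( is_file( $real_file ) && is_readable( $real_file ) ) ? $real_file : null;
}

/**
 * Build a single-line Content-Disposition header with a quoted filename.
 * Control characters, double quotes and backslashes are replaced with "_".
 */
function tut_disposition( string $type, string $path ): string {
    $type = ( 'inline' === $type ) ? 'inline' : 'attachment';
    $name = preg_replace( '/[\x00-\x1F\x7F"\\\\]/', '_', basename( $path ) );
    return sprintf( 'Content-Disposition: %s; filename="%s"', $type, $name );
}

/**
 * WordPress wiring: map an attachment ID to a servable path, or null.
 */
function tut_resolve_download( int $file_id ): ?string {
    // Only real attachment posts are accepted, not arbitrary post IDs.
    if ( $file_id <= 0 || 'attachment' !== get_post_type( $file_id ) ) {
        return null;
    }
    $file = get_attached_file( $file_id );
    if ( ! $file ) {
        return null;
    }
    $uploads = wp_get_upload_dir();
    return tut_path_inside( $file, $uploads['basedir'] );
}
```

In the template, `tut_resolve_download( $file_id )` would replace the `get_attached_file()` call, with a 404 sent when it returns null. These checks apply only to requests that go through the intermediary page; the file's direct URL under the uploads folder is not affected by them.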
That’s it! This was rather a quick tutorial. I plan to share more quick tutorials here so don’t forget to check back regularly.