This tutorial shows how to require user login to access any files stored in the WordPress Media Library. So for example, let’s say that you have a bunch of images uploaded via the Media Library. And you want to protect those images, videos or PDFs, so that they are not accessible to the general public. The user must log in to access any media files. Once the user is logged in, then they will have full access to all files. This technique is useful for any site where you want to require login to access content. This is the harder way, but it is more secure than the "easy" way with cookies, but I cannot figure out how to redirect the unlogged in user to anywhere but the WP admin login.

1. Put the following code in the htaccess file on the wordpress root (where wp-config.php etc is found). Besure not to put this inside dynamically generate wordpress htaccess content as it will be overwritten. Instead, put it outside (you can have 2 instances of <IfModule></IfModule>) in one htaccess file.

NOTE: THIS PROBABLY ONLY WORKS FOR APACHE SERVERS (SEE HARD FOR INGINX SERVERS--ALTHOUGH IT HAS NOT BEEN TESTED--IN THIS FILE FOLDER)


<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_URI} \.(pdf|doc|docx|odt)$ [NC]
RewriteCond %{REQUEST_FILENAME} -s
RewriteRule ^wp-content/uploads/(.*)$ dl-file.php?file=$1 [QSA,L]

</IfModule>


2. put the "dl-file.php" on the same wordpress root. BE SURE TO CLEAR ALL BROWSER DATA IF YOU'VE RECENTLY VIEWED A PROTECTED PDF FILE, AS THE BROWSER CAHCE WILL STILL SHOW THE PROTECTED FILE IF BROWSING DATA IS NOT CLEARED. THAT'S IT. USED ON MEMBERS.CAFII.COM