Secure Files

This WordPress plugin allows you to upload and download documents that are stored outside of your web document root for security purposes.

This is great for people using plugins like Registered Only that secure your WordPress blog (Posts, Pages, etc). The problem with these plugins is that your loose files aren't protected - only the contents of your WordPress database. So, any images or other documents you've uploaded are easily accessible to those who aren't authenticated via a plugin like Registered Only. This plugin aims to solve this problem.

secure-files-screenshot-sma.png

Secure Files works by allowing you to create a directory that is outside of your web document root and to upload/download files from that directory - all from within the WordPress Administrative Interface. You can upload files from the admin menu, or you can FTP your files up there in one step. The plugin will recognize those files, and you will be able to download them from within your WordPress Posts and Pages using a customizable prefix, such as file_id.

Best of all, this plugin has a one-click install, does not effect any "core" WordPress files or require anything crazy like a new database table, and everything can be configured from within the admin interface.

The image above, for example, can be accessed via Secure Files using the following code:

You can link to it like so:

<a href="?file_id=secure-files-screenshot-sma.png">secure-files-screenshot-sma.png</a>

To display this as an image:

<img src="?file_id=secure-files-screenshot-sma.png" alt="secure-files-screenshot-sma.png" />

Download

Download the Secure Files plugin »

Installation

First, download the plugin by clicking the link above. Then, unzip and upload the plugin to your /wp-content/plugins/ folder and activate it on the Plugins page.

Next, go to the Manage -> Secure Files page that has been added, and carefully read the Options section to configure things. There are detailed instructions on that page - but the basic idea is that you'll need to make a directory outside of your web document root and tell Secure Files where that is. Please note that your files will NOT be protected unless you choose a directory outside of your web root.

Important: Unless you are running the Registered Only plugin, your files will be still accessible to users who aren't logged into your site. Also, the Registered only plugin does NOT protect your feeds. You can disable your feeds, or set the number of items to show in your feeds to 0 via Options -> Reading in the WordPPress admin area. If you want real security, you should also disable the ability for users to register themselves on that same options page.

Support

Comments? Questions? Please visit our Forum »