Protecting WordPress PDF Files – WPQuickies

In this lunchtime WPQuickies, I’ll show you several methods for protecting WordPress PDF files from being downloaded from the server without authorisation.

Why Would You Want To Protect Downloads?

There are many reasons why you might want to protect your PDF files.

The main reason is likely commercial.

You may be selling PDF assets as part of your business; ebooks, checklists, music sheets etc.

In other cases, you may want to protect your original work, ideas, intellectual property and such.

Last but not least, there may be private and personal documents that you don’t want Joe Public accessing – perhaps information supplied as part of a form file uploader.

Depending on your needs and circumstances, there are many different ways to protect and stop unwanted users from accessing your PDF files.

Tip1: Password Protecting A Post

In this scenario, you would embed a link to your PDF – usually uploaded to the media library, in a post.

Then you set a password for the post.

The WordPress core allows you to set a single password for a post, protecting the content.

When editing a post, click on the Visibility link in the Post properties block.

You can set the post visibility to Public, which is the default setting, Private or Password Protected.

Enter the password you want to use and update the post.

password protect post

It’s a simple solution that will suit a non-technical audience base.

However, if somebody shares that single password then everyone can get access to the content inside, exposing your PDF file to the masses.

The same situation can arise from using any membership plugin – the PDF URLs themselves are not protected and somebody could share them.

Tip 2: Password Protect WordPress Plugin

The plugin WordPress Password Protect Page – PPWP Plugin allows you to enter multiple passwords for a single post, so that could help.

You can also protect WordPress categories, WooCommerce products, a few posts, partial post content, or your entire website and it works with Elementor and Beaver Builder page builders.

Regardless of how many passwords you use to protect your post, the PDF file’s URL is exposed within the post, regardless of whether you upload it to the media library or use a cloud storage solution, and this could get shared with anyone, unprotected

Regardless of how many passwords you use to protect your post, the PDF file’s URL is exposed within the post and this could get shared unprotected.

Tip 3: Prevent Direct Access Plugin

The Prevent Direct Access plugin is a paid plugin with varying price points starting at USD$14.90 per month, they also have a lifetime deal price.

This plugin is probably one of the best all-rounder password protection plugins for WordPress assets.

There are three stand-out features:

  1. It protects media upload URLs – they cannot be directly accessed as downloads
  2. It hides media upload URLs from the search engines
  3. It allows, using the Private Magic Links addon, to automatically expire and create new private links for any media upload.

The Private Magic Links addon for the PDA plugin allows you to embed and dynamically update any private download links of your protected files

Some of the addon’s features include:

  • Set a default private download link for every single protected file
  • Set a default expiry time for all private magic links
  • Auto-replace existing unprotected URL of newly protected files
  • Automatically create a new private link and dynamically update it on your content when the previous one expires
  • Display your private files such as PDFs on your website as normal but block direct access to their file URLs.

It is a paid addon but well worth the money if you are serious about stopping people sharing a URL link to your PDF files.

Unauthorized users will just see a 404 error page when accessing protected pages as their URLs will expire and keep changing within a custom set period.

Tip 4: Protect PDF Files Directly With A Password

The plugin Simple Download Monitor allows you to password protect your downloadable files.

Visitors will need a password to download any protected files.

The plugin uses easy-to-use shortcodes to password protect your PDF files.

[sdm_download id=”271″ fancy=”0″ color=”blue”]

This shortcode embeds a plain download button/link for a file with a blue colour, using the post ID of the PDF uploaded to the media library.

password protect pdf files with shortcode

Tip 5: Embed PDF Files

Rather than let users download your PDF files, embed them directly into your posts using the PDF Embedder plugin.

The plugin has a unique method for embedding PDF files, using Javascript only, and not iframes or third-party services, so the source URL of your PDF is protected.

In the free plugin, there is no button for users to download the PDF, but download options are available in the Premium versions along with other awesome features.

Another Premium feature is Hyperlinks in your PDF being clickable. Links in the free plugin cannot be clicked.


If you are looking for the best solution to protect your PDF files, I would recommend a combination of the Password Protect WordPress plugin to protect your post content and the Prevent Direct Access plugin to hide the media upload URLs.


Join me every Thursday at 1 pm Sydney time for some more WPQuickies – WordPress tips and tricks in thirty minutes or less.

Broadcasting live on YouTube and Facebook.

Suggest a #WPQuickies Topic

If you have a WordPress topic you’d like to see explained in 30 mins or under, fill out the form below.

Watch Previous WPQuickies

WordPress vs Disqus - WPQuickies

WordPress vs Discus Comments

Was this article helpful?

Leave a Comment

Your email address will not be published. Required fields are marked *

Keep In Touch With My Weekly Blog Email

A once-per-week daily digest of my posts from the week. No sales, no spam and I will not share your details with anyone else.


Wil is a dad, WordPress consultant, WordPress developer, business coach and mentor. He co-organizes the WordPress Sydney meetup group and has been on the organising committee for WordCamp Sydney since 2014. He speaks at many special events and contributes to the WordPress open source project. His likes are chillies, craft beer and electrogravitics.

Leave a Comment

Your email address will not be published. Required fields are marked *