Protecting Files With Custom URI Rules

« MemberPress User Manual

MemberPress has some powerful features to help you protect static files. MemberPress's file protection works at the web-server level which provides an absolute protection of each file. For example, even if a person without access to a file somehow managed to get a direct link to it, MemberPress would stop them in their tracks, and ask them to register or login (if they've already registered) before being allowed to download that file.

What types of files can MemberPress Protect?

MemberPress can protect any file that is not required for the proper functioning of your website.

Therefore MemberPress can protect any file type except the following:

txt, php, phtml, jpg, jpeg, gif, css, png, js, ico, svg, woff, ttf, or xml

If MemberPress were to allow you to protect any of the above file types it would have the potential to cause serious issues on your site. If you want to distribute any of these file types we recommend just zipping them up and protecting a single .zip file instead.

Basic Example

If you have one file to protect then here's how you'd do it:

  1. Upload the file using the WordPress Media Uploader.
  2. Create a Custom URI Rule to protect the file.

Say the file you uploaded had this URL: http://example.com/wp-content/uploads/2015/10/report.pdf

The Rule you'd create for this file would be a Custom URI type pointing at just the path (part after http://example.com) to the file. So you would type only:

/wp-content/uploads/2014/12/report.pdf

in the text box for this Rule.

Easy, right? Well, for 1 or 2 files this is pretty easy but you can see how this could get seriously time consuming if you needed to protect 20, 100 or even 1000 files. So let's see how you can create 1 Rule to protect multiple files.

Multiple Files

Now let's say you have 10 files and want the same membership level to have access to each.

The idea here is that you'd want to either put each file in a special folder with FTP (recommended), or make sure that each file you upload via the Media Uploader has a common prefix (not recommended unless FTP isn't an option).

Even though we don't recommend protecting multiple files which were uploaded using the Media Uploader in WordPress, we do understand that there may be times you want/need to. Therefore, if you upload these files via the Media Uploader they'd have the following URLs:

http://example.com/wp-content/uploads/2015/10/bronze_report.pdf
http://example.com/wp-content/uploads/2015/10/bronze_report.doc
http://example.com/wp-content/uploads/2015/10/bronze_report.docx
http://example.com/wp-content/uploads/2015/10/bronze_analysis.pdf
http://example.com/wp-content/uploads/2015/10/bronze_analysis.doc
http://example.com/wp-content/uploads/2015/10/bronze_analysis.docx
http://example.com/wp-content/uploads/2015/10/bronze_groupings.pdf
http://example.com/wp-content/uploads/2015/10/bronze_groupings.doc
http://example.com/wp-content/uploads/2015/10/bronze_groupings.docx
http://example.com/wp-content/uploads/2015/10/bronze_archive.zip

Now all you'd have to do is create 1 Custom URI type Rule with this as its path:

/wp-content/uploads/2015/10/bronze_

This will protect any file in the /wp-content/uploads/2015/10/ folder that has a name beginning with "bronze_".

Multiple Files with FTP

FTP/SFTP is a robust way to transfer files from your local computer to your website. Most webhosts provide free FTP services so you can access your site files remotely from your own computer. Availability of FTP can vary from webhost to webhost, and can have different requirements, but typically you'll use an FTP client like FileZilla or Cyberduck and will connect to your server via FTP/SFTP. This will allow you to have filesystem access to your webserver to create folders and upload files in a way similar to how you'd copy files between folders on your own local computer.

In this example we'll use FTP to create a folder named /protected/ and import our files into it so we have the following URLs now:

http://example.com/protected/report.pdf
http://example.com/protected/report.doc
http://example.com/protected/report.docx
http://example.com/protected/analysis.pdf
http://example.com/protected/analysis.doc
http://example.com/protected/analysis.docx
http://example.com/protected/groupings.pdf
http://example.com/protected/groupings.doc
http://example.com/protected/groupings.docx
http://example.com/protected/archive.zip

This scenario can be superior to using the WordPress Media Uploader if you're planning on adding files to your folder later because WordPress's Media Uploader will sometimes put files uploaded at different times in different folders.

So with this example all you'd have to do is create a Custom URI type Rule with this as the path (typed into the text box for the Rule):

/protected/

Now let's look at using some more advanced matching with Regular Expressions.

Regular Expressions

Regular Expressions is a unique and descriptive search syntax commonly used across all modern programming languages to select and process text. It will allow you to protect very specific groups of files with ease.

The idea here is that it will allow you to match patterns in a given URL and protect the URL if it matches one of your Custom URI type Rules with regular expression enabled.

For example, in the FTP example from above, if you wanted to allow some users to have access to just the pdf's and others to have access to your pdf, doc, docx and zip files you could create 2 different regular expression Rules -- the first for one membership level and the second for another.

The first Rule for your first membership level would have a path of something like:

^/protected/.*\.pdf

The second Rule for your other membership level would have a path of something like:

^/protected/.*\.(pdf|doc|docx|zip)

Granted, Regular Expressions can be difficult to master, but they can provide some powerful matching and file protecting capabilities in MemberPress Custom URI type Rules. We've found that http://www.regular-expressions.info/ is a good resource for anyone wanting to figure out this powerful technology. Also, if you do have some more complex needs, our support team is quite masterful in figuring out Regular Expressions for whatever you need to protect -- so feel free to submit a support request if you need help with this feature.

Technical Requirements

Because this feature utilizes your website's underlying webserver to protect files, there are some technical requirements that must be met in order for this feature to work properly. We've written MemberPress to work with the most common server configurations out there but if things aren't working fully for you, here are some things to check:

  1. Your website must be served by Apache, Nginx or an Apache compatible webserver like Litespeed. The rewrite rules that MemberPress installs are specific to Apache, and if you're running Nginx we have additional instructions on how to get this working. If you're unsure what webserver you're using then it's probably Apache, but to be sure, you can contact your webhost.
  2. Your WordPress install should have sufficient privileges to make changes to your .htaccess file. If your .htaccess file is unwritable by WordPress then you can edit it manually by following our advanced rewrite instructions.
  3. Your WordPress install must have the ability to write files in your /wp-content/uploads folder. This is also a requirement for the WordPress Media Uploader to upload files so if that's working then this should be working as well.

We've also seen users with custom rewrite rules that have interfered with the MemberPress rewrite rules. So if this feature doesn't seem to be working and you feel like you've gone through all of these steps, please contact our support team and we'll help.