From time to time, there arises the need to control access to your media files like videos, documents or pictures. WordPress does not allow you to do this without using a third party plugin. While you can find quite a few good plugins in the official WordPress Plugin Repository, none of them offer you the ability to control the access your media based on roles and users.

With the AAM Media Manager Extension, you can completely restrict access to your media files based on user or visitor roles. In this tutorial, we will show you how to restrict access for visitors from viewing PDF manuals and images.

aam-mediaSo let’s assume that you have a few PDF manuals that are only allowed to be read by authenticated users, (in other words, somebody who is registered and logged in to your website). In the screenshot, you can see that we are trying to restrict access to PDF manuals #1 and #2 as well as three images.

Each time an unauthorized user tries to access any of these media files, we should redirect them to the login page.

It is very important to limit access to your wp-content folder with htaccess, (at least to allow users to browse the content of the wp-content folder) but we are not going to cover this aspect in this tutorial.

If you have the AAM Media Manager Extension installed, you should be able to go to Posts & Pages and switch to Media Post Type, (check our Posts & Pages. General Overview tutorial for more information), and find the media file that you are trying to limit access to.

restrict-manualFirst of all, make sure that you are editing Visitor (if not, switch to Visitor on the Control Manager panel). Once you’re editing the visitor role, find your media file, (in our example we are using How to troubleshoot PC Errors? manual), and click the Manage Access button settings.  Media access READ means that you restrict all visitors from reading, previewing, and accessing this file.

Hit the Apply button and from now, any visitor will not able to read this manual. The message shown will be Access Denied.

Repeat the steps shown above for all media files that you want to restrict.

Now that we have restricted a user’s access, we will want to instruct AAM to redirect the user to login page. To do this, we will utilize ConfigPress. Go to the AAM->ConfigPress page and enter the following lines of configurations:

[frontend]
access.deny.redirect = "http://your-domain-here/wp-login.php"

Instead of ‘your-domain-here’, insert the website link where you would like the restricted user to be directed. This means that if access for any media is denied, the user will be redirected to the login page.  Now when any unauthorized visitor tries to read the manual, he or she will be automatically redirected to login page.

image-restrictedAs you might notice already, if you restrict READ access to images, they are not shown on the page, and are rather displayed as broken images. This is because AAM does not know what should be displayed instead of restricted image.  Luckily, there is a solution which will keep your pages looking clean.

With ConfigPress, you can specify a default image to be shown in place of any restricted image. Go to the Media menu and upload the image that you will use as default image. This image can be one which instructs a user to login or register to receive access to media.

Each media file, as well as each post or page, has unique ID number. You can find it in the image URL (when you hover over it). Make note of this ID and go to ConfigPress and enter these configurations right after redirect:

[media]
deny.image = "your image ID number here"

Now when you visit your page that contains restricted images, you should see that restricted images are replaced with your custom default image.

default-restricted-image