Sometime there is a need to control access to your media files like videos, documents or pictures. WordPress does not allow you to do that without third party plugin and you can find quite a few good plugins in official WordPress Plugin Repository but none of which offer you the ability to control the access to your media based on roles and users.

With AAM Media Manager Extension you can completely restrict access to your media files for any user or visitor. In this tutorial we will show you how to restrict access for visitors to view PDF manuals and images.

aam-mediaSo lets assume that you have few PDF manuals that uses are allowed to read only when they are authenticated users (other words, somebody who is registered and logged in to your website). On the screenshot you can see that we are trying to protect PDF manuals #1 and #2 as well as three images.

Each time the unauthorized user is trying to access any of these media files, we should redirect them to the login page.

It is very important to limit access to your wp-content folder with htaccess (at least to do allow users to browse the content of the wp-content folder) but we are not going to cover this aspect in this tutorial.

If you have AAM Media Manager Extension installed you should be able to go to Posts & Pages and switch to Media Post Type (check our Posts & Pages. Genera Overview tutorial for more information) and in the list of all media files find media file that you are trying to limit access to.

restrict-manualFirst of all make sure that you are editing Visitor (if not, switch to Visitor on the Control Manager panel). After that find your media file (in our example we are using How to troubleshoot PC Errors? manual) and hit Manage Access button settings.  Media access READ means that you restrict access for all visitors to read, preview or access to this media file.

Hit Apply button and from now, any visitor is not able to read this manual. The message will be Access Denied.

Repeat the same step for all media files that you want to restrict.

The next step is to configure AAM to redirect user to login page when access is denied. For this purpose we will utilize ConfigPress. Go to AAM->ConfigPress page and enter next lines of configurations:

[frontend]
access.deny.redirect = "http://your-domain-here/wp-login.php"

Instead of your-domain-here insert your website link. This means that if access for any media is denied, redirect visitor to login page.  Now when visitor will try to read the manual, he/she will be automatically redirected to login page.

image-restrictedAs you might notice already, if you restricted READ access to images, they are not shown on the page (broken image). The reason for this is because AAM does not know what should be displayed instead of restricted image.

With ConfigPress you can specify the default image that will be shown instead on any restricted image. Go to Media menu and upload any image that you will use as default image.

Each media file as well as each post or page, has unique ID number. You can find it in the image URL (when you hover on it). Memorize the ID and go to ConfigPress and enter these configurations right after redirect:

[media]
deny.image = "your image ID number here"

Now when you go to your page with restricted images you should see that restricted images are replaced with your custom default image.

default-restricted-image