You need to create a .htaccess file in order to block the file access from direct url entry. The below code should work for you.
RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourwebsite\.com/ [NC] RewriteCond %{REQUEST_URI} !hotlink\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov) [NC] RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC] RewriteRule .*\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov)$ http://yourwebsite.com/ [NC]
There is also a previous post on this in the WordPress Stack exchange on this LINK
The best way to protect uploaded media in WordPress?
Hope that helps.
Andy