This is not quite trivial, because natively WP is engineered to completely ignore requests to existing files. So WP doesn’t pay attention to files and .htaccess doesn’t have access to WP’s logged in information.
If you look for prior art (in plugins for selling digital files for example) this isn’t easily (at all?) doable with direct links. Typically special download links are created and processed by plugins to serve files while masking it’s true name/location (which should be restricted from direct access or not in web accessible folder at all).
Related Posts:
- Login page ERROR: Cookies are blocked due to unexpected output
- Block Logged-Out User Access to Directory Outside of WordPress using .htaccess and PHP file
- How to edit .htaccess to change site’s login url?
- deny IPs from wp-login using .htaccess
- 404 redirect wp-login and wp-admin after changing login url [closed]
- How do I limit access to wp-admin to an IP range?
- Login failed after cloning live wordpress site to local wampserver
- After moving WordPress to its own directory, login doesn’t work
- In Django, how do I know the currently logged-in user?
- Can I programmatically login a user without a password?
- Can’t log in: “ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.”
- Is there any way to rename or hide wp-login.php?
- How to login with email only no username?
- How can I redirect user after entering wrong password?
- Site Redirecting to wp-signup.php
- Moving a WP Multisite to a subdirectory
- Increase of failed login attempts, brute force attacks? [closed]
- Separate registration and login for different roles
- SSO / authentication integration with external ‘directory service’
- Preventing session timeout
- How reduce wordpress login session timeout time?
- How to prefill WordPress registration with social details
- Check for correct username on custom login form
- Disallow user from editing their own profile information
- Which one does WordPress prioritize when it comes to php.ini, wp-config and .htaccess?
- I can’t access my site via wp-admin
- ‘Password field is empty’ error when using autofill in Chrome
- Removing username from the ‘wordpress_logged_in’ cookie
- How to show ‘login error’ and ‘lost password’ on my template page?
- What is $interim_login?
- Custom login form
- How to prefill the username/password fields on the login page
- wp_signon returns user, but the user is not logged in
- Adding extra authentication field in login page
- Prevent wp_login_form() from redirecting to wp-admin when there are errors
- Redirect user using the ‘wp_login_failed’ action hook if the error is ’empty_username’ or ’empty_password’
- wp_signon() does not authenticate user guidance needed
- What exactly is ReAuth?
- What are the differences between wp_users and wp_usermeta tables?
- Login members using web services
- Make my wordpress blog remember my login “forever”
- How to check in timber if user is loggedin?
- How do I change the language of only the login page?
- multisite 404 error for subdirectory
- Disable WordPress 3.6 idle logout / login modal window / session expiration
- Stop WordPress from logging me out (need to keep me logged in)
- Woocommerce registration page [closed]
- How to disable autocomplete on the wp-login.php page
- Share login data/cookies between multiple installations
- Synchronize WordPress user accounts across multiple domains and installations without using WordPress MU
- How to pass users back and forth using session data?
- How do I change the logo on the login page?
- Move WordPress to subdirectory, keep ALL URLs
- Why does WordPress hide the reset password key from the URL?
- Is it possible to sign in with user_email in WordPress?
- How to use current_user_can()?
- Avoid to load default WP styles in login screen
- WordPress registration message
- How to fake a WordPress login?
- how to display the wordpress login and register forms on a page?
- WP-Admin not working properly at WordPress multisite with subdirectories
- Does wp_logout_url() destroy a session? (Logging out question)
- How can I send a welcome email to a user AFTER they login for the first time?
- Can not login with correct username and password
- Website Visible only to Registered users
- How can i increase the login expiration length?
- How do I use add_action from a class method?
- How to remove the WordPress logo from login and register page?
- How can I add a custom script to footer of login page?
- Brute force attack?
- Customize wp_new_user_notification_email()
- Need to execute a cron job
- Permalink Issues by Installing WordPress in Subdirectory / Subfolder
- Login email after registration never sent or received
- How can I create a separate blog that is private?
- How to keep always logged in development environment
- Add Confirm Password field in wp-login.php Password Reset page
- Integrate recaptcha and wp_signon – what is needed?
- Stop users from logging in from multiple locations
- I want to disable E-Mail verifcation / activation when a user signs up for my WordPress site
- custom login page redirect to logged in user profile page
- WordPress multisite subdirectory redirect infinite loop issue
- Email address or username used to login in wordpress
- How do I check if a post is private?
- Front-end login: Redirect user to the post they had created
- Receiving “This content cannot be displayed in a frame” error on login page
- My login form does not work
- Programmatically log in a wordpress user
- Action wp_login_failed not working if only one field is filled out
- Getting “Cookies are blocked or not supported by your browser” on login page
- What is the purpose of logging out after WordPress upgrade?
- Is it alright for two people to simultaneously be logged into a WP site as administrator?
- wp-login.php redirecting to HTTPS
- Display last login time
- How to customise wp-login.php only for users who are setting a password for the first time?
- Intentionally Force Failed Login WordPress
- How do I turn off the ability to login?
- Gaining Login Access via the Database
- Admin-Ajax.php, SSL, Non-SSL
- How to Block Access to Standard Login Flow and Comment Flow