Private pdf files

Your approach does not provide security. I could hand-craft a cookie named “wordpress_logged_in” (containing any arbitrary value) and have access to your PDF files.

You may want to rethink your solution to put a PHP script in between the files and the users.

e.g.

  1. User Clicks download button
  2. PHP Script handles fetching document
  3. If authenticated user, PHP script sends through PDF file.
  4. If not authenticated, send error message.

Take a look at this answer for more detail on implementation:
https://stackoverflow.com/questions/10834196/secure-files-for-download

If this is an approach you would like to explore, I will update my answer with how to connect this approach to WordPress.

Edit: I’m going to provide a “hacky” solution for proof-of-concept. In practice, I would likely implement the approach using WP AJAX actions.

<?php

/*
 * Assume WordPress lives in /var/www/mysite/
 * This script's path is /var/www/mysite/downloader.php
 *
 * To download a file, link the user to:
 *   <a href="https://wordpress.stackexchange.com/downloader.php">Download file</a>
 *
 * You can mask this downloader using htaccess rewrites
 */

// Load wordpress
require_once('/path/to/wordpress/wp-load.php');

if (!is_user_logged_in()) die('no access');

// specify a file path
$file="/path/to/file/outside/www/secret.pdf";

// or load the file from some other location (e.g. WP Media)


header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename=" . basename($file));
header("Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit;

// Don't use closing PHP brackets.

Related Posts:

  1. Documentation for using JavaScript code inside a PDF file
  2. Are transients private or public?
  3. Redirect to login when on private page, and when logged in to specific page
  4. Restrict WordPress to Private
  5. Change Visibility to Private
  6. How do I get next_posts_link to work with private posts?
  7. Hide public page from logged in users?
  8. Exclude post from home page and archives, but still public
  9. Cannot see private content
  10. How to block access to Crawlers to any Image on a Private page
  11. Assign a username and password to specific users
  12. Administrator cannot see private content
  13. Is there a way to load pages/site from specific referring source only?
  14. How to display PDF file in HTML?
  15. How can I extract embedded fonts from a PDF as valid font files?
  16. What are the most common Python docstring formats?
  17. Print PDF directly from JavaScript
  18. IPython/Jupyter Problems saving notebook as PDF
  19. Create html documentation for C# code
  20. Generating PDF files with JavaScript
  21. How do I export my WordPress blog as a book? [closed]
  22. Is there a top-down documentation for WordPress?
  23. How can I make it so the Add New Post page has Visibility set to Private by default?
  24. How should I document function calls?
  25. Is there a list / reference for all current native WordPress blocks?
  26. WordPress training materials
  27. Where do the favicons for Media Files come from
  28. Convert WordPress pages to PDF
  29. Exclude Private, Draft pages from Primary Nav when using custom menu
  30. How can I create a separate blog that is private?
  31. Attach pdf file to custom post type
  32. WordPress i18n-friendly preg_replace post title
  33. Restricting access to files within a specific folder [duplicate]
  34. How to keep track of user logins?
  35. Create thumbnail on PDF upload with Gravity Forms
  36. Workflow and best practice for documentation [closed]
  37. Make post password required to publish
  38. When should I use @see tag in my inline doc for Functions & Class Methods?
  39. Disable comments from showing up public for Custom Post Type
  40. Best way to have an per-user customized private section
  41. Hide a template part when page is password protected?
  42. How to correctly detect accessing wp-content/uploads?
  43. How to create a plugin that notifies for updates?
  44. Can we have private drafts?
  45. Attaching a pdf to Contact Form 7 e-mail via functions.php [closed]
  46. List and show uploaded pdf files dynamically
  47. How to make a secure blog that is completely private?
  48. Force documents to appear in Featured Image dialogue
  49. Open Custom Post Type as PDF
  50. How do you use WP slugs for PDF files / media?
  51. pdf (25MB) – how to display and enable download?
  52. Are private posts visible to search engines?
  53. How do I display content to users who are not logged in instead of 404 on Private custom posts?
  54. PHPStorm and CodeSniffer do not recognize WPCS [closed]
  55. List all private pages user has access rights to read
  56. Is It Possible to Upload Certain Attachment Files To A Remote Server
  57. How to update the counter of private pages in the dashboard?
  58. Plugin developer automated documentation
  59. Post visibility based on user role
  60. How can i realize a semi-private research diary blog
  61. WordPress tax_query not showing private posts
  62. Codex Version Focus on Production or Nightly?
  63. read_private_pages capability not working for new role
  64. Path in dev server works; same path in prod server is broken
  65. Manage Private Posts
  66. Empty Pdf file generated with FPDF library in WordPress plugin [closed]
  67. Error in pdf generating plugin using FPDF
  68. Create a permalink to a pdf?
  69. Why are thumbnails not being generated for PDF files?
  70. Create template for just a print
  71. Changing the the_author_posts_link() hover title
  72. Custom post type permalink returns 404 when set to private
  73. Change meta data of pdf file
  74. Add Watermark to PDF’s of logged in user in WordPress upon upload to media library [closed]
  75. How do I fit a function inside an opening and closing do_shortcode
  76. Mutliple users editing single document in wordspress
  77. Private Post BUT Public excerpt on Homepage
  78. How can I create an RSS feed that includes “Private” posts?
  79. Need to block user role from accessing bbPress all together
  80. Custom Role read_private_posts Not Working
  81. Thumbnails not being generated for PDF files
  82. Create a pdf from the entries in DB
  83. Upload Image with a file URL and show dynamically on Frontend
  84. Opening a file of the theme from outside
  85. Show uploaded pdf files dynamically and filter by month name
  86. Forcing two or more custom post type to be private
  87. generate PDF from member information
  88. Code correction – Hide a profile from visitors with a specific role
  89. Custom get_the_password_form
  90. How to upload PDF from Front-End and post automatically?
  91. Password protected uploaded PDF page
  92. Adding list of Indexes in wordpress document
  93. How to check if the user was redirected?
  94. How to embed PDF files inside content without media_send_to_editor?
  95. Automatic updates of plugins and themes outside of wordpress.org
  96. Front end login and page restriction
  97. Simplest way to create two private sections each with a common account
  98. Advice on setting up private site
  99. What is the best way to achieve unique Member functionality?
  100. Custom Search on media files PDF images pages posts
techhipbettruvabetnorabahisbahis forumuedusedusedueduedueduedusedueduedu