Please go through this blog written by me. Here you will get your answer for your question. https://aftabablog.wordpress.com/2017/02/17/how-to-make-your-uploads-in-wordpress-visible-only-for-logged-in-users/
You can use User Admin Simplifier plugin. It allows you to hide plugins and options from choosen users.
The best way I know of would be to filter the data. For posts, you might do: function my_check_post_not_crazy( $data, $post_arr ) { $max_content_length = 2048; # max length in characters $max_num_posts = 200; # maximum number of posts if ( !current_user_can(‘activate_plugins’) && empty( $post_arr[‘ID’] ) ) { $die_args = array(‘back_link’ => true); # Not … Read more
Use the map_meta_cap filter to conditionally prevent users who cannot manage_options (i.e. administrators) from editing/deleting certain posts: function wpse_188368_map_meta_cap( $caps, $cap, $user_ID, $args ) { if ( in_array( $cap, array( ‘delete_post’, ‘edit_post’ ) ) && $args && ! current_user_can( ‘manage_options’ ) /** Only proceed for non-administrators */ ) { $post_id = $args[0]; if ( in_array( … Read more
You are overthinking this ( very dangerous and harmful for programmer/developer ).. Just use this logic in your page template: <?php //Check if user is logged in if( is_user_logged_in() ) { //The the stuff you want to show to logged-in users } else { //Do something else, e.g show notice “You have to be logged … Read more
You need to create a .htaccess file in order to block the file access from direct url entry. The below code should work for you. RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourwebsite\.com/ [NC] RewriteCond %{REQUEST_URI} !hotlink\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov) [NC] RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC] RewriteRule .*\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov)$ http://yourwebsite.com/ [NC] There is also a previous post on this in the WordPress Stack … Read more
You cannot at the same time allow access to file (via embedding) and disallow access to file. That’s just not practical and you waste your time on holes. The comment is quite right that you would need to stream file from protected location for working access control. Even then if client-side viewer has access to … Read more
So following from the comment discussion, a sufficient answer on another StackEx question goes like this: add_filter( ‘parse_query’, ‘exclude_pages_from_admin’ ); function exclude_pages_from_admin($query) { global $pagenow,$post_type; if (is_admin() && $pagenow==’edit.php’ && $post_type ==’page’) { $query->query_vars[‘post__not_in’] = array(’21’,’22’,’23’); } } The only part that’s terribly important to us is the array of post IDS. The problem is … Read more
You can do this without any plugins rather easily. If you’re only going to have a single page that needs to be accessed with an account created by you, try creating a page template with something like the below. Note: you should create any new account as a subscriber. <?php /* Template Name: Private Page … Read more
If a user needs to login to the system to see his own items than it is just like any other user. Reinventing the front end will not be good enough as you will need to detect when its logged in, therefor you will need to reinvent basically most of the user related API. It … Read more