How to manage access to the WordPress media library

The biggest challenge with the media access control is protect physical files from the direct access. When somebody has a direct link to a file, it can be copy & pasted to a browser. However AAM has the ability to protect your files with few simple step.

Step #1. Physical access redirect.
Go to the root of your website and open the .htaccess file and copy&paste following configurations in the end of the file:

# BEGIN AAM Media Access Control

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} !(\.css|\.php|\.js)$
RewriteCond %{REQUEST_URI} wp-content/uploads/(.*)$
RewriteRule . /index.php?aam-media=1 [L]

# END AAM Media Access Control

NOTE! If your website root is located in subfolder, for example https://mywebsitedomain.com/wordpress, then adjust RewriteBase / line with RewriteBase /wordpress and RewriteRule . /index.php?aam-media=1 [L] to RewriteRule . /wordpress/index.php?aam-media=1 [L]

This tells to the Apache server that if somebody tries to access a physical file directly, then redirect user to AAM media manager when access is checked.

Note! Some hosting providers do to allow to define rewrite rules in the .htaccess file and that is why this solution may not work. To make sure that requests are redirecting properly, modify the RewriteRule . /index.php?aam-media=1 [L] line to RewriteRule . /index.php?aam-media=1&debug=1 [L]. Then try to access any media asset directly and simply check if there is a debug.log file in the /wp-content/plugins/advanced-access-manager/Application/Core folder. If not, then contact your hosting provider to clarify why redirect rules inside .htaccess are ignored.

Step #2. Restrict access to media.
Navigate to AAM page and click on Posts & Pages tab and find the media post that needs to be protected. Check the READ option and you are good to go.

WordPress Media File Protection

Step #3. Activate media protection feature.
Go to AAM page and click on Utilities tab. Make sure that “Media Files Access Control” option is checked.

Note! This functionality has been tested on brand new WordPress installation with all default settings. It might have conflicts with other plugins that are doing similar task. Contact us if it is not working as expected

Get Development Package with all extensions included for unlimited number of sites

Learn More

Get the latest updates and promos.