Protect attachment files from direct access using powerful and flexible restrictions. Offer safe download links for any file in your uploads folder.
Media Vault cordons off a section of your WordPress uploads folder and secures it, protecting all files within by passing requests for them through a powerful, flexible and completely customizable set of permission checks.
After activating the plugin, to protect attachment files with Media Vault you can:
By default the only permission check that the plugin does on media files is that the user requesting them be logged in. You can change this default behavior from the ‘Media Settings’ page in the ‘Settings’ menu of the WordPress Admin. You can also change the restrictions set on attachments on an individual basis by means of either the Media Vault metabox on the ‘Edit Media’ page or the Media Vault Protection Settings fields in the new Media Modal.
You can also write your own custom restrictions using the mgjp_mv_add_permission()
function. See this support question for more details.
Creating a cross-browser compatible download link for a file is a harder task than might be expected. Media Vault handles this for you, and it does so while preserving all the file security features discussed earlier like blocking downloads to people who should not have access to the file.
The download links are available through a simple shortcode that you can use in your post/page editor screen:
[mv_dl_links ids="1,2,3"]
where ‘ids’ are the comma separated list of attachment ids you would like to make available for download in the list.
Note: Plugin comes with styles ready for WordPress 3.8+!
Note:Now supports WordPress MultiSite!
This sometimes does not to work on localhost
, so if you’re running your site off your own computer it’s simpler to use the second method.
zip
folder (mediavault.zip
).zip
folder to your server; to the /wp-content/plugins/
directory of the site you wish to install the plugin on.zip
. Once it is done you can delete the mediavault.zip
file if you wish.Once you have Media Vault activated and fully enabled don’t forget to go and check out the plugin’s settings on the ‘Media Settings’ page under the admin ‘Settings’ menu.
You have two options. If you only want to toggle File Protection on a single attachment, you can do it directly from the attachment’s Edit page. In the ‘Media Vault Settings’ metabox in the right column, you can toggle protection by clicking the button that will either say ‘Add to Protected’ or ‘Remove from Protected’. Remember to click ‘Update’ to save the changes you have made.
If you want to toggle File Protection on multiple attachments, the plugin comes with two bulk actions that can be performed in the Media Library page in the WordPress Admin. On the Media Library page select the attachment or attachments you would like to manipulate by ticking the box next to their title. Then from the ‘bulk options’ dropdown select either the ‘Add to Protected’ or ‘Remove from Protected’ option and click the ‘Apply’ button next to the dropdown.
You can verify that the action took effect by looking at the Media Vault column in the Media Library list table. It will display when an attachment’s files are protected as well as the permissions set on the particular attachment.
Yes they can, see this support question for more details!
This question was recently asked and answered in this support thread, check it out!
fixed bug in mv-file-handler.php
causing php Notice and corrupted files. Big thanks to user ikivanov for pointing it out and providing the solution!
mv-metaboxes.php
causing php Notice. Thank you user ikivanov for pointing it out!mv-metaboxes.php
causing metabox stylesheet not to be servedFixed typo causing php error in mv-extra-activation-steps.php
. Thank you user wwn2013 for pointing it out!
fixed bug in mv-file-handler.php
that allowed files to be viewed in the protected folder when ‘Save uploads in year/month folders’ was not selected. Thanks to WayneHarris for pointing the issue out.
added a body class to the WP admin to let Media Vault know to use the new 3.8+ styles
fixed code that required php 5.4 and above, to be compatible with older versions of php
mgjp_mv_admin_check_user_permitted()
function to handle non admin checking and renamed it to mgjp_mv_check_user_permitted()
to reflect this.uninstall.php
file and moved all settings removal actions there so that settings are now saved when a user only deactivates and does not remove the plugin.mgjp_mv_get_the_permission()
function returning the wrong permission.The Metabox – added a Media Vault metabox to the attachment editor screen to manage protection meta + bugfixing on the bulk actions script
Minor remastering of permission checking code to address protected attachment access from within the WordPress backend. Highly recommended to immediately update.
wp_die
directly. They now MUST either return true
upon determining the current user is permitted to access a particular attachment; or if access is denied: false
or a WP_Error
object with an error message included. mgjp_mv_admin_check_user_permitted()
function to use permission functions to change access to attachments while within the WP Admin.mv-file-handler.php
to accommodate the changes to the way custom permission functions now return values.Initial Release.