File Protection

With File Protection, you can protect any files uploaded through the WordPress media uploader. Access to these files will then be protected just like any post or page you might protect. Please note a member could download a file if they choose to once they have been granted access.

To protect files, navigate to the Content Protection menu inside WishList Member. Then, select the “Files” sub-menu.

Here you will see a list of all the files uploaded through the WordPress media uploader. Across the top, you will see a “Select an Action” dropdown, a search bar and a “Settings” button.

You can search for individual files by entering your search term into the “Search Text” box at the top. Additionally, you can use the “All Levels” dropdown box to search for files only specific membership levels have access to (or all levels). You can also search for files by status (Published, Draft, etc) using the “All Statuses” dropdown.

To edit global settings for File Protection, click the “Settings” button at the top.

In the pop-up that appears, you will see the following:

  • File Protection Ignore List. This is a list of file extensions that WishList Member will ignore. You can add to or remove from this list. By default, image, CSS and JavaScript file extensions are ignored as these are necessary for your WordPress theme to work properly.
  • Nginx Instructions. The instructions to follow to make File Protection work with Nginx servers.

Once you have set the options accordingly, select “Save Settings”.

To bulk-edit file settings, select the checkbox next to the files you would like to edit. Then, select the action you would like to take from the “Select an Action” dropdown.

You have several options here:

  • Edit Protection Status. Select whether this file should be protected or not.
  • Add Levels. You can add levels that should have access to a particular file.
  • Remove Levels. You can remove levels from accessing a particular file.

WP Engine – Cache Exclude and Redirect Rule

If your site is hosted with WP Engine and you find the files are not being protected as expected, there are some adjustments WP Engine can make on their side.

You will just need to ask WP Engine to Not cache files with the following prefix in the file name.


Example: Caching should not be applied to a file named like the following (it includes the protected- prefix)


Please also ask WP Engine to cache exclude ^/wp-content/uploads/? and for the redirects, put in:

source: ^/wp-content/uploads/(.*)/(.*)/protected-(.*)

This should resolve issues with file protected on a site hosted with WP Engine.

Check out the Folder Protection Knowledge Base Entry

Was this article helpful?

Related Articles

Need Support?

Can't find the answer you're looking for?
Contact Support