Allows securing files in WP's media library to be only accessible to users with specific roles, capabilities, or IP addresses.
The Htaccess Secure Files plugin can only be activated on Apache web servers with mod_rewrite enabled, and will automatically raise an error upon activation if this is not the case.
The Htaccess Secure Files plugin allows for setting files to be accessible only to visitors who have a specified IP address or WordPress role or capability. By using .htaccess files to secure the content instead of a separate directory outside the web root, WordPress's native media library functionality can be used to upload secure files and link to them from within the visual editor.
By default all built-in WordPress roles will be allowed to access content that is marked as secure. The Settings -> Secure Files admin screen controls which roles, capabilities, and IP addresses are allowed to view or download secured files. If a custom role or capability is desired, there are several WordPress plugins capable of creating and editing roles and capabilities.
Any visitor that matches any selected role, capability, or IP address will be allowed to access secured files.
This plugin works by creating a .htaccess files in the directory of each secured file. If you manually edit the .htaccess file and it becomes corrupt (a 500 Internal Server Error is the most likely symptom), I recommend deleting the .htaccess file and then edit and save each secured item in the media library.