Initial release. After activation, re-save your Permalink Settings to ensure rewrite rules are flushed.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3577693,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3577693,"resolution":"256x256","location":"assets","locale":"","width":250,"height":250}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Dashboard with protection statistics and quick actions.","2":"Media Library with Protection Status column.","3":"Attachment edit screen showing Protection Settings panel.","4":"Settings page with all configuration sections.","5":"Access Logs table showing granted and denied requests."}},"plugin_section":[],"plugin_tags":[267776,233,267775,58819,267777],"plugin_category":[],"plugin_contributors":[267778],"plugin_business_model":[],"class_list":["post-305867","plugin","type-plugin","status-publish","hentry","plugin_tags-file-access-control","plugin_tags-media-library","plugin_tags-media-protection","plugin_tags-secure-files","plugin_tags-token-url","plugin_contributors-umangapps48","plugin_committers-umangapps48"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/ptp-private-media\/assets\/icon-128x128.png?rev=3577693","icon_2x":"https:\/\/ps.w.org\/ptp-private-media\/assets\/icon-256x256.png?rev=3577693","generated":false},"screenshots":[],"raw_content":"\n
PTP Private Media<\/strong> gives you full control over who can access your WordPress media files. Stop search engines, bots, and unauthorised visitors from downloading your protected images, PDFs, videos, or documents.<\/p>\n\n Author:<\/strong> Umang Prajapati<\/a> | WordPress Profile<\/a> | GitHub<\/a><\/p>\n\n \ud83d\udd10 Media Protection System<\/strong>\n* Prevent direct URL access to files in \ud83d\udc65 Fine-Grained Access Control<\/strong>\nSet a protection level for every file in the Media Library:<\/p>\n\n \ud83d\udd17 Secure File Delivery<\/strong>\n* Replace original media URLs with HMAC-signed, time-limited token URLs\n* Format: \ud83d\udeab SEO & Indexing Protection<\/strong>\n* \ud83d\udcc2 Media Library Integration<\/strong>\n* Protection Settings panel on every attachment edit screen\n* Protection status column ( \u26a1 Performance<\/strong>\n* Chunked streaming with HTTP Range support for large video\/audio files\n* Configurable file-size threshold for streaming vs. single-pass delivery\n* Object cache support with cache invalidation on settings change\n* Scheduled cleanup of expired tokens and old access logs<\/p>\n\n \ud83d\udee1\ufe0f Security<\/strong>\n* HMAC-SHA256 signed tokens using WordPress secret keys\n* Nonce verification on all AJAX requests and form actions\n* All input sanitized and output escaped per WordPress standards\n* No direct file inclusion; While The access control system is designed to work alongside WooCommerce. Future versions will include native purchase-based access checks.<\/p>\n\n\n Only files you explicitly protect will have their URLs replaced. Public files continue to behave normally.<\/p><\/dd>\n The PHP-level access control works on any web server. On Nginx, add the configuration rules shown in the Dashboard to block direct file access at the server level.<\/p><\/dd>\n The user will receive an \"Invalid or expired access token\" message. Generate a new secure URL from the Media Library.<\/p><\/dd>\n CDN bypass is possible for public files. For protected files, disable CDN caching or ensure the CDN forwards requests to WordPress for validation.<\/p><\/dd>\n Large files are streamed in 1 MB chunks with HTTP Range support, so memory usage stays low even for large videos.<\/p><\/dd>\n No. The plugin sends Core Features<\/h4>\n\n
\/wp-content\/uploads\/<\/code>\n* Files are served through a secure PHP handler, not exposed directly\n* Automatic .htaccess<\/code> rules block direct file access on Apache servers\n* Guidance provided for Nginx configurations<\/p>\n\n\n
example.com\/ptp-restricted-media\/{file-id}\/{token}\/<\/code>\n* Configurable token expiry (default: 1 hour)\n* Hotlink protection prevents embedding on external domains\n* Optional IP-address binding for tokens<\/p>\n\nX-Robots-Tag: noindex, nofollow<\/code> header on all protected file requests\n* Optional Disallow<\/code> entries in robots.txt<\/code> for the uploads directory\n* Disable and redirect WordPress media attachment pages\n* wp_robots API integration for attachment pages<\/p>\n\nProtected \/ Public \/ Password \/ Role<\/code>) in list view\n* Bulk Actions: protect multiple files, change access rules, make public<\/p>\n\nABSPATH<\/code> check on every file\n* Clean uninstall via uninstall.php<\/code><\/p>\n\nNginx Support<\/h4>\n\n
.htaccess<\/code> rules are written automatically for Apache, the plugin provides the correct Nginx configuration block in the admin dashboard for manual setup.<\/p>\n\nWooCommerce Compatibility<\/h4>\n\n
\n
ptp-private-media<\/code> folder to \/wp-content\/plugins\/<\/code>.<\/li>\nSettings \u2192 Permalinks<\/code>) if secure URLs return 404.<\/li>\n<\/ol>\n\n\n\n
Will this break my existing media URLs?<\/h3><\/dt>\n
Does it work with Nginx?<\/h3><\/dt>\n
What happens if a token expires?<\/h3><\/dt>\n
Can I use it with a CDN?<\/h3><\/dt>\n
Does this affect site performance?<\/h3><\/dt>\n
Will protected files still be indexed by Google?<\/h3><\/dt>\n
X-Robots-Tag: noindex, nofollow<\/code> on every protected-file response and disables media attachment pages.<\/p><\/dd>\n\n<\/dl>\n\n\n1.0.0<\/h4>\n\n
\n
.htaccess<\/code> rules and Nginx guidance.<\/li>\n