• Hi all,

    I’m currently building a site that has sensitive information behind a login page. I’m using these plugins to achieve that:

    http://codecanyon.net/item/pages-by-user-role-for-wordpress/136020
    https://wordpress.org/plugins/theme-my-login/

    The first one is a premium plugin which requires a user being logged in as a certain user group in order to view the site. Now here’s the problem:

    I need to put PDF and Office files on to that page so the clients can download them but what no one seemed to think of is that the actual files are accessible to the public. Search engines that do not respect the Disallow: /folder setting would crawl and index the files.

    So… Is there a way to make sure a user is logged in when he downloads files of a certain type from the server? A little insight would be fantastic. I’ve read somewhere that a proxy script might be a good way to do it but I don’t know if I can dig so deep, my coding abilities are limited.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter SVTX

    (@12ax7)

    Still no luck. There must be a way?

    Thread Starter SVTX

    (@12ax7)

    This is somehow not working because my files are served from a subdomain which points to the site root.

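    # Match requests for PDF and Word files
    RewriteCond %{REQUEST_FILENAME} ^.*(pdf|doc|docx)$
    # ...that carry no cookie whose name contains wordpress_logged_in
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
    # Send those requests to the main site
    RewriteRule ^ https://www.domain.com [L]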

    Does someone know the wildcard equivalent to this code?

    Will I have to set a cookie domain (www.) in wp-config and specifically check for the cookie on that domain?

    I know this way of doing it is not 100% secure but it restricts them from the public eye, that’s enough.


The topic ‘Security: Protect files embedded into posts that require a login’ is closed to new replies.
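
The proxy-script approach mentioned in the first post, as an added example (not code from the thread or from either plugin): WordPress validates the login cookie server-side before the file is streamed, instead of only matching a cookie name in a rewrite rule. The script name, the `protected-files` folder and the `file` query parameter are assumptions, as is a web-server rule that blocks direct access to that folder.

```php
<?php
// protected-download.php (hypothetical name), placed in the WordPress root.
// Assumption: files live in wp-content/uploads/protected-files/, and that
// directory is blocked from direct web access (e.g. "Require all denied").

require __DIR__ . '/wp-load.php';   // boot WordPress so its auth cookie is validated

// Validates the signed login cookie server-side, unlike a cookie-name match.
if ( ! is_user_logged_in() ) {
    auth_redirect();                // sends the visitor to the login page and exits
}

$allowed = array( 'pdf', 'doc', 'docx' );   // the file types named in the thread

// basename() drops any directory part, so "../" cannot escape the folder.
$name = isset( $_GET['file'] ) ? basename( wp_unslash( $_GET['file'] ) ) : '';
$ext  = strtolower( pathinfo( $name, PATHINFO_EXTENSION ) );

$uploads = wp_upload_dir();
$base    = realpath( $uploads['basedir'] . '/protected-files' );
$path    = $base ? realpath( $base . '/' . $name ) : false;

// Reject unknown types, missing files, and anything resolving outside $base
// (realpath() follows symlinks, so a symlink out of the folder is refused too).
if ( '' === $name || ! in_array( $ext, $allowed, true )
    || ! $path || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR )
    || ! is_file( $path ) ) {
    status_header( 404 );
    exit;
}

$type = wp_check_filetype( $name );          // maps the extension to a MIME type
nocache_headers();                           // keep shared caches from storing it
header( 'Content-Type: ' . ( $type['type'] ? $type['type'] : 'application/octet-stream' ) );
header( 'Content-Disposition: attachment; filename="' . str_replace( '"', '', $name ) . '"' );
header( 'Content-Length: ' . filesize( $path ) );
header( 'X-Robots-Tag: noindex' );           // for crawlers that do honour it
readfile( $path );
exit;
```

Posts would then link to `protected-download.php?file=report.pdf` (constructed file name) on the main site's own domain, so the cookie WordPress sets there is sent with the request.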