Title: Shared and Secure Docs Last modified: August 20, 2016 --- # Shared and Secure Docs * [chattan](https://wordpress.org/support/users/chattan/) * (@chattan) * [14 years, 11 months ago](https://wordpress.org/support/topic/shared-and-secure-docs/) * I’m not the most technical and am looking for advice. I’m running a writers’ multisite: the main site contains some general pages and there’s one sub-site per writer where each individual can blog and show examples of their stuff. So far, so good. * I now want to add a shared page (or sub-site) where any writer can upload draft documents and get feedback from the others. Access needs to be secure: unregistered users might be able to see the links on the page, but shouldn’t be able to open any docs. So my questions are: * 1. Create a shared page on the main site or a new sub-site? 2. How do I secure the docs folder and/or the uploaded docs? 3. Use Word/PDF change control or WP facilities? * Any idiot-proof advice appreciated! Viewing 9 replies - 1 through 9 (of 9 total) * [danhgilmore](https://wordpress.org/support/users/danhgilmore/) * (@danhgilmore) * [14 years, 11 months ago](https://wordpress.org/support/topic/shared-and-secure-docs/#post-2100265) * If you are using Multisite, you most certainly can set up an additional site and have multiple users access it while restricting it from unregistered users. * I’d recommend a new sub-site. The docs folder would be on your server’s file system in /wp-content/blogs.dir/{blog_id} Off the top of my head, that URL isn’t reachable (could be wrong though). Personally, I prefer Word change control. * Hope this helps! * Thread Starter [chattan](https://wordpress.org/support/users/chattan/) * (@chattan) * [14 years, 11 months ago](https://wordpress.org/support/topic/shared-and-secure-docs/#post-2100346) * Thanks Dan – that certainly helps! * I looked at the directory structure and it’s something like: /wp-content/blogs. dir/nn/files/yyyy/mm/(docs) nn is the sub-site number * Do I stick some .htaccess thing in the appropriate sub-site folder? Down below that, the year and month are going to change all the time. * Thread Starter [chattan](https://wordpress.org/support/users/chattan/) * (@chattan) * [14 years, 11 months ago](https://wordpress.org/support/topic/shared-and-secure-docs/#post-2100607) * Still stuck I’m afraid. * I created a new sub-site and had some fun trying to get it to recognise document types (solved by installing the PJW mime config plugin). Some docs now uploaded, but can’t get .htaccess and .htpasswd to work. I’ve uploaded them to the files folder within the path: /www/wp-content/blogs.dir/17/files/ – 17 is the sub-site I just created. * The .htaccess file contains the line: AuthUserFile /www/wp-content/blogs.dir/ 17/files/.htpasswd * When I display a page on the new sub-site and click the link to an uploaded doc, I can see it without being prompted for a userid and password. * Anyone get me straight? * [Andrea Rennick](https://wordpress.org/support/users/andrea_r/) * (@andrea_r) * [14 years, 11 months ago](https://wordpress.org/support/topic/shared-and-secure-docs/#post-2100610) * Look at how Boone did it with this plugin: [http://teleogistic.net/code/buddypress/buddypress-docs/](http://teleogistic.net/code/buddypress/buddypress-docs/) * It’s buddypress specific but you may be able to adapt it to your needs. * Thread Starter [chattan](https://wordpress.org/support/users/chattan/) * (@chattan) * [14 years, 11 months ago](https://wordpress.org/support/topic/shared-and-secure-docs/#post-2100621) * Thanks Andrea – I looked at your link but couldn’t see an obvious answer to my problem. I think it’s just my lack of technical expertise in using .htaccess/. htpasswd that is the issue. Either I’ve got the syntax wrong or some higher level WP .htaccess is overriding my stuff. * To recap, I’ve tried various AuthUserFile paths: (a) /www/wp-content/blogs.dir/ 17/files/.htpasswd (b) /vhost/vhost8/s/o/u/soutarwriters.co.uk/www/wp-content/ blogs.dir/17/files/.htpasswd (as returned by path.php) (c) /www/drafts/files/. htpasswd (drafts is the sub-site name) (d) as above, but placing .htaccess/.htpasswd in folders 17, files, 2011 and 05 and using the appropriate path. * The other syntax in .htaccess seems ok, viz: AuthType Basic AuthName “Soutar Writers Drafts” Require valid-user * The .htpasswd syntax is just username:encrypted password, obtained from [http://www.4webhelp.net/us/password.php](http://www.4webhelp.net/us/password.php) * All of these variants fail to produce a username/password prompt dialogue box when I try to access docs in the 05 folder. * Can some .htaccess expert spot what I’m doing wrong? * [Andrea Rennick](https://wordpress.org/support/users/andrea_r/) * (@andrea_r) * [14 years, 11 months ago](https://wordpress.org/support/topic/shared-and-secure-docs/#post-2100622) * THe link above actually didn’t use the htaccess method at all. 😉 * Thread Starter [chattan](https://wordpress.org/support/users/chattan/) * (@chattan) * [14 years, 11 months ago](https://wordpress.org/support/topic/shared-and-secure-docs/#post-2100624) * Andrea – I’m sure you’re right about the link, but the plugin seems to require buddypress. If I adapt it, I need to acquire the technical expertise to find out what it is doing, plus some php and js skills I don’t have. My earlier posts made the disclaimer that I’m an idiot. * Any simple solutions for simpletons out there? * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [14 years, 11 months ago](https://wordpress.org/support/topic/shared-and-secure-docs/#post-2100625) * Not really because it’s a complicated thing. Let’s try a different tactic…. * What if they didn’t upload the doc, what if they copy/pasted the data into a post, and then you used a user-role plugin (like Members or something) to manage permissions for people to view and comment on that page? * Thread Starter [chattan](https://wordpress.org/support/users/chattan/) * (@chattan) * [14 years, 11 months ago](https://wordpress.org/support/topic/shared-and-secure-docs/#post-2100626) * Thanks Ipstenu – that looks very promising. I’ve already set up the sub-site with all the permitted users identified as contributors. Browsing through readme. html, the Private Blog component of Members should hide all content until a user logs in. I could define appropriate capabilities for contributor (and administrator) roles. Hopefully users could still upload their docs (as well as copy shorter texts into posts) as the doc links wouldn’t show to unregistered people. If I can avoid htaccess I’ll be pleased as my competence is low! I’ll install the plugin, do some tests and report back. Viewing 9 replies - 1 through 9 (of 9 total) The topic ‘Shared and Secure Docs’ is closed to new replies. * In: [Networking WordPress](https://wordpress.org/support/forum/multisite/) * 9 replies * 4 participants * Last reply from: [chattan](https://wordpress.org/support/users/chattan/) * Last activity: [14 years, 11 months ago](https://wordpress.org/support/topic/shared-and-secure-docs/#post-2100626) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics