Title: Sub directory require login
Last modified: February 14, 2018

---

# Sub directory require login

 *  [mortonc](https://wordpress.org/support/users/mortonc/)
 * (@mortonc)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/sub-directory-require-login/)
 * I have a subdirectory on my server which looks like mysite.com/myfolder
 * in there I have some PHP files. As it currently stands anybody with the url can
   access the page. However I would like to make it so that it requires users to
   have a certain capability.
 * I tried just straight adding the below code but that didn’t work, perhaps I need
   to somehow link it to the wordpress setup.
 * `<?php if( current_user_can('edit_others_pages') ) { ?>`

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [RossMitchell](https://wordpress.org/support/users/rossmitchell/)
 * (@rossmitchell)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/sub-directory-require-login/#post-9975859)
 * Since it is the web server that is using the URL and accessing files, it is best
   addressed outside of WordPress.
    Your web host management login will let you 
   do this. The commonest of these is “cPanel”, use its “Password protected directories”
   to password protest your directories and files.
 *  Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * (@bcworkz)
 * [8 years, 3 months ago](https://wordpress.org/support/topic/sub-directory-require-login/#post-9979497)
 * If you really want to manage access through WP, then direct access of the files
   must be prevented and all requests need to be routed through WP. You cannot use
   WP to restrict direct access because if a requested file exists, it’s impossible
   to get to WP to check credentials. This is why Ross suggested using host management.
 * A quick and dirty way to force access through WP is to prevent the file from 
   being interpreted unless access is through WP by starting every file with something
   like
    `if ( !defined('ABSPATH') ) die("Cheatin' eh?");`
 * One way to access files through WP is to request through /wp-admin/admin-post.
   php. The file does a specific action based on the passed “action” parameter. 
   You would need to add a callback for this action as part of theme or plugin code.
   The callback can check user capabilities and whatever else before including the
   desired file, which might also be passed as an URL query string. Because WP is
   including the PHP file, ABSPATH is defined and the rest of the file can be interpreted.
 * The sort of URL that would cause all of this to happen might look something like
   
   _example.com/wp-admin/admin-post.php?action=do\_my\_file&my\_file=target_
 * admin-post.php then does the action “admin_post_do_my_file”. The callback added
   to that action can check user credentials, then do `include ABSPATH . "/my-files/{
   $_GET['my_file']}.php";`

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Sub directory require login’ is closed to new replies.

 * In: [Developing with WordPress](https://wordpress.org/support/forum/wp-advanced/)
 * 2 replies
 * 3 participants
 * Last reply from: [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * Last activity: [8 years, 3 months ago](https://wordpress.org/support/topic/sub-directory-require-login/#post-9979497)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics