[wp-edu] protecting uploaded files from direct download (multisite)

Joseph Ugoretz joseph.ugoretz at mhc.cuny.edu
Sat Aug 10 20:43:55 UTC 2013

Has anyone found a good solution for this?

Here's the basic scenario.  A class site wants to post links to class readings (as PDFs) for the students to download and read.  The instructor has copyright permission (or fair use exemption) to copy and distribute these readings to the class--but not to share them with the whole wide internet.

So she uploads the files, puts the links on a separate page, and password-protects that page.  Then she gives the password for that page to the class, so the students can all get the files. 

So far, so good, but the problem is that even though the page is password-protected, the uploaded files are not.  So anyone who has the direct link can download those files without knowing the password. And google does index the content of pdf files, so it's very possible, in fact likely, that someone googling (for example) the author's name or some terms in the document will come across that direct link.

I've tried as many of the .htaccess tricks for preventing this as I can find.  This looked like the best guide http://perishablepress.com/creating-the-ultimate-htaccess-anti-hotlinking-strategy/ but I tried many others.

None of them seem to work at all for multisite.  They don't stop the problem in any way.

If you've got a tip or trick, I'd love to hear about it!  I'd be happy with a solution that would work for the enitre network...or just for specific sites.  I'm OK with just about anything that will work!



Joseph Ugoretz, PhD
Associate Dean
Teaching, Learning and Technology
Macaulay Honors College
The City University of New York
35 West 67th St.
New York, New York 10023
TEL 212-729-2920
FAX 212-580-8130

More information about the wp-edu mailing list