<div dir="ltr"><div>Hi Joseph,<br><br>Have you considered using the http-authentication plugin at: <a href="http://wordpress.org/plugins/http-authentication/">http://wordpress.org/plugins/http-authentication/</a> ?<br><br>
</div>Best-<br>Alba<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Aug 12, 2013 at 7:21 AM, Joseph Ugoretz <span dir="ltr"><<a href="mailto:joseph.ugoretz@mhc.cuny.edu" target="_blank">joseph.ugoretz@mhc.cuny.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Thanks to all! Daniel's solution (wp-document-revisions) looks perfect for all needs. If others are exploring the other options, here's some of what I've determined in my testing of the other plugins and suggestions.<br>
<br>
WordPress Download Manager--two major drawbacks. First, it exposes ALL files on the entire server to every user. I was able to edit that feature out of the admin panel, but would have to do so again on every update. Second (and worse from my perspective), it really does not protect the uploaded files. It hashes the filename for the download link, but anyone who has that direct link can still download without knowing the password.<br>
<br>
Download Monitor--Limits downloads to logged in members (of specific user groups if wanted). But has no provision for allowing non-logged in users with a password to download the files. We sometimes want to give people access to downloading the files, but don't want to create accounts for them on our system.<br>
<br>
User Access Manager--works by rewriting the htaccess file on the uploads directory. In my earlier testing, this method did not work at all for multisite installs. Might be that the plugin does it better, but using it post facto (as we would have to) would eliminate all usable links from previously available downloads. That warning, and the fact that it asks to rewrite databases upon install, made me nervous.<br>
<br>
WP-Document-Revisions looks like the best bet, for us. The combination of a large (3000+ sites/users) multisite install and the need for real secure protection, not just obscurity, seems to be best filled by this plugin. It also does much more, and the name "Document Revisions" doesn't include the main feature we're using it for, but that's something we can explain to users.<br>
<br>
It's interesting that this isn't something included in WordPress at this point. And it's also interesting that so many of the proposed solutions don't work at all in multisite. I think most people assume that a link on a password-protected page is also protected, or at least not indexed by google. Especially if they're using a plugin which is supposed to manage downloads. Testing with a direct link in a separate (not-logged-in, no password entered, no cache existing) browser will almost always allow direct download of those "protected" files.<br>
<br>
Somewhat troubling!<br>
<div class="im"><br>
<br>
--<br>
Joseph Ugoretz, PhD<br>
Associate Dean<br>
Teaching, Learning and Technology<br>
<br>
Macaulay Honors College<br>
The City University of New York<br>
35 West 67th St.<br>
New York, New York 10023<br>
TEL <a href="tel:212-729-2920" value="+12127292920">212-729-2920</a><br>
FAX <a href="tel:212-580-8130" value="+12125808130">212-580-8130</a><br>
</div><a href="mailto:joseph.ugoretz@mhc.cuny.edu">joseph.ugoretz@mhc.cuny.edu</a><br>
<a href="http://macaulay.cuny.edu" target="_blank">macaulay.cuny.edu</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
On Aug 12, 2013, at 9:44 AM, Anna Mulé <<a href="mailto:anna.mule@wagner.edu">anna.mule@wagner.edu</a>><br>
<div class="HOEnZb"><div class="h5"> wrote:<br>
<br>
> We are using the "User Access Manager" plugin to limit access to pages, posts, and files to specific user groups.<br>
><br>
> Anna Mulé | Director of Digital & Social Media<br>
> Office of Communications & Marketing<br>
> <a href="http://wagner.edu" target="_blank">wagner.edu</a> | <a href="tel:718.420.4468" value="+17184204468">718.420.4468</a> | @wagnercollege<br>
><br>
> Connect with Wagner College!<br>
><br>
><br>
><br>
> On Mon, Aug 12, 2013 at 8:59 AM, Matthew Patulski <<a href="mailto:matthew@patulski.is">matthew@patulski.is</a>> wrote:<br>
> +1 to download monitor.<br>
><br>
> Matthew Patulski<br>
> PTA volunteer<br>
> <a href="http://www.northparkschools.org" target="_blank">www.northparkschools.org</a><br>
><br>
> _______________________________________________<br>
> wp-edu mailing list<br>
> <a href="mailto:wp-edu@lists.automattic.com">wp-edu@lists.automattic.com</a><br>
> <a href="http://lists.automattic.com/mailman/listinfo/wp-edu" target="_blank">http://lists.automattic.com/mailman/listinfo/wp-edu</a><br>
><br>
><br>
> _______________________________________________<br>
> wp-edu mailing list<br>
> <a href="mailto:wp-edu@lists.automattic.com">wp-edu@lists.automattic.com</a><br>
> <a href="http://lists.automattic.com/mailman/listinfo/wp-edu" target="_blank">http://lists.automattic.com/mailman/listinfo/wp-edu</a><br>
<br>
_______________________________________________<br>
wp-edu mailing list<br>
<a href="mailto:wp-edu@lists.automattic.com">wp-edu@lists.automattic.com</a><br>
<a href="http://lists.automattic.com/mailman/listinfo/wp-edu" target="_blank">http://lists.automattic.com/mailman/listinfo/wp-edu</a><br>
</div></div></blockquote></div><br></div>