Este plugin no se ha probado con las últimas 3 versiones mayores de WordPress. Puede que ya no tenga soporte ni lo mantenga nadie, o puede que tenga problemas de compatibilidad cuando se usa con las versiones más recientes de WordPress.

Htaccess Secure Files


The Htaccess Secure Files plugin can only be activated on Apache web servers with mod_rewrite enabled, and will automatically raise an error upon activation if this is not the case.

The Htaccess Secure Files plugin allows for setting files to be accessible only to visitors who have a specified IP address or WordPress role or capability. By using .htaccess files to secure the content instead of a separate directory outside the web root, WordPress’s native media library functionality can be used to upload secure files and link to them from within the visual editor.

By default all built-in WordPress roles will be allowed to access content that is marked as secure. The Settings -> Secure Files admin screen controls which roles, capabilities, and IP addresses are allowed to view or download secured files. If a custom role or capability is desired, there are several WordPress plugins capable of creating and editing roles and capabilities.

Any visitor that matches any selected role, capability, or IP address will be allowed to access secured files.

This plugin works by creating a .htaccess files in the directory of each secured file. If you manually edit the .htaccess file and it becomes corrupt (a 500 Internal Server Error is the most likely symptom), I recommend deleting the .htaccess file and then edit and save each secured item in the media library.


  • Change the "Secured File" value to Yes on the Edit Media screen to secure a file.
  • Select the user roles that can access secured files.
  • Select the user capabilities that can access secured files.
  • Select which IP addresses can access secured files.


  1. Unzip the zip archive and upload the htaccess-secure-files directory to your /wp-content/plugins/ directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. On the ‘Settings’ -> ‘Secure Files’ admin screen select which roles, capabilities, and IP addresses will be allowed to access secure files and what the server response should be for those denied access.
  4. To secure individual files edit the file on the ‘Media’ admin screen and change the ‘Secured File’ setting to ‘Yes’.


No hay reseñas para este plugin.

Colaboradores y desarrolladores

«Htaccess Secure Files» es un software de código abierto. Las siguientes personas han colaborado con este plugin.


Traduce «Htaccess Secure Files» a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios


  • Adding smarter detection when WordPress is installed in a sub-directory of a site.


  • MIME/Content-type detection routine expanded (in order of priority): 1) Use WordPress’s built-in (or plugin modified) MIME types. 2) Use Fileinfo PECL extension if installed. 3) Check with mime_content_type (deprecated). 4) Fallback to ‘application/octet-stream’.


  • «Denied access response» is now customizable: WordPress login, 403 Forbidden, 404 Not Found, or custom redirect.


  • Added «Secure» column to media manager list table
  • Added simple IP address whitelisting (may add more complexity in a later version)
  • Added the capability to hide/disable the admin interface with a define statement
  • Added screenshots


  • Initial version