After a long day of struggling with various .htaccess solutions (none of which I could get to work at all in WordPress multisite), I had the wonderful idea to ask for help from the wp-edu listserv and within minutes, Daniel Bachhuber responded with a perfect solution.
But maybe I should have started with the problem. (Let’s do it as a theoretical). A professor has a class site in a WordPress install. That professor has permission from the copyright holder (or has the right under fair use) to share a journal article with her class as a PDF. She does NOT have the right to share that journal article with the entire internet. So she scans the article to a PDF, uploads it to her WordPress install, and links to it on a page that is password-protected, giving the password only to the students (and changing it at the end of the semester) so nobody else can access that page.
The problem is that while the page where the link sits is password-protected, the file itself is not. So anyone with the direct URL to the file can download it instantly, without knowing the password at all. What makes matters worse, google (and others) indexes the content of PDFs quite commonly, so even an attempt at security by obscurity of the filename is bound to fail. Anyone googling for the author’s name, or any of the terms in the journal article, would find a quick and easy link directly to the file, which the professor is now, in violation of copyright, giving away free to one and all (I’m not going to get into a discussion at this point of the overall ethics of copyright and whether or not that journal article “wants” to be free).
Extensive searching, extensive trial and error, over an extensive time had left me unable to solve this problem. But Daniel Bachhuber’s suggestion is a simple and beautiful plugin, Ben Balter’s WP Document Revisions. I admit I had come across this suggestion in my googling, but I rejected it without really thinking it through, on the grounds that I didn’t need “document revisions.” Silly me.
The plugin (which works fine and dandy in multisite, although I do recommend the network-admin add-on from the Code Cookbook) with a very simple interface, lets you set the upload directory outside the document root of your site, not accessible to any outsiders, and then it totally respects your password and beautiful permalinks.
It does much more, as a document workflow solution (sort of an open-source alternative to –ugh– sharepoint, in fact). But just for this little purpose, it’s quite nice. Highly recommended!
[…] note to myself, so I remember the best way to protect PDFs behind a password on a course blog. Joe Ugoretz highlights the problems with most methods, and then proposes the solution I’m using here: Ben […]
Thanks so much for posting this article. I was having pretty much the exact same problem and the plugin worked a treat. So much so that if you have a page protected with a password and use that same password on the file link you don’t have to put the password in twice.
Thanks so much for this info, Joe. I just had a conversation with John Boy on this topic this afternoon.
Let’s wear our gold stars to the first CAT meeting.
Barbara
Awesome – thanks, Joe. Shared this with Boone (who had already read your post here and on wp-edu); he noted that this plugin works outside of WP’s usual handling of media, and so is not ideal, but it sounds like it’s a good (and needed) workaround until we (or WP) can develop something more robust.
In my testing so far, it works GREAT for users on a multisite network like the Commons. It’s the only solution I’ve found that will work at all (all the htaccess tricks I tried would not work at all in multisite. That may have been a result of my own low skill-level, but it’s what I found). And the other plugin I was fooling with, Download Manager, does not fully protect the files and also exposes EVERY file on the server to EVERY WordPress user. Ugh.
This Document Revisions plugin can be activated network-wide, or if you don’t want to do that (I didn’t), it can easily be activated on a per-site basis. In that case, as I mentioned above, you will want the network-admin add on. That lets you set the upload directory network-wide, with each individual site having its own subdirectory. That upload directory can be (should be) located outside the web root of the server, so there is added security.
For this feature alone, I would say that this plugin should be added to the Commons. The only drawback I can see is that people probably won’t know that protecting private files is one of the things it does, until that is explained to them. Because of the plugin’s name (WP-Document-Revisions), and because its main function seems to be document revisions and sharing and workflow, it’s not the first thing people would try or expect to use for protecting their uploaded files.
So if Boone could develop a separate piece that would do just the private uploads part (maybe forked from this one?), that might be useful in an environment like the Commons where we don’t have direct and easy contact with every user at the moment when they have a need.
But if that’s a pain, or low on the priority list, this is absolutely a solution for a (rather serious) problem that I’ve been trying not to think about too much for quite a while. I have had more than a few instances where authors or publishers have sent take-down notices because google searches led them to documents posted on our sites, even though we thought they were private and password protected.
That’s great to hear, Joe. Boone and I were considering working on this in light of your discussion (http://redmine.gc.cuny.edu/issues/2695) and we still may. But it’s very interesting to hear that this solution works. Will it work for, say, users on a multisite network like the Commons?