[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuEtvaRCB2D27wKuKPXEj3OCUmRKhtrq7qpx2-hmEuK0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":143,"fingerprints":200},"jvm-protected-media","JVM Protected Media","1.0.6","Joris van Montfort","https:\u002F\u002Fprofiles.wordpress.org\u002Fjorisvanmontfort\u002F","\u003Cp>Protect access to all your media files and implement your own custom file access rules using a hook. Works for apache with mod rewrite or nginx with some custom configuration. No Multisite support. This plugin is more or less a development tool for defining your own custom file access rules.\u003C\u002Fp>\n\u003Cp>For nginx you will need to modify the config file as nginx does not handle .htacess files. Add the following code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>location ~ \"^\u002Fwp-content\u002Fuploads\u002F(.*)$\" {\n    rewrite ^\u002Fwp-content\u002Fuploads(\u002F.*\\.\\w+)$ \u002Findex.php?jvm_protected_media_file=$1;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>Without a custom hook all file access will be disabled. The user will see the 404 page for all requested files. Adding a hook is needed to handle your own file access rules. A simple example that could go into your functions.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function my_file_access_rule($file_info) {\n    \u002F\u002F Implement your own logic here\n    $userHasAccess = true;\n\n    if($userHasAccess) {\n        \u002F\u002F Send the file output if users has access to the file\n        JVM_Protected_Media::send_file_output($file_info['path']);\n    }\n}\n\nadd_action( 'jvm_protected_media_file', 'my_file_access_rule');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The jvm_protected_media_file action has one parameter with the following file information:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Array\n(\n    [id] => id_of_the_file\n    [url] => full\u002Furl\u002Fto\u002Fyour\u002Ffile\n    [path] => full\u002Fpath\u002Fto\u002Fyour\u002Ffile\n    [is_resized_image] => bool (true if the requested file is a image thumbnail or resized version of an image)\n)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Actions\u003C\u002Fh3>\n\u003Cp>Available actions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>jvm_protected_media_loaded (fires as soon as the plugin is loaded)\u003C\u002Fli>\n\u003Cli>jvm_protected_media_file (fires when a file is requested)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Functions\u003C\u002Fh3>\n\u003Cp>To send the output of a file to you can call:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>JVM_Protected_Media::send_file_output($fullPathToFile)\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Restrict access to all your media files and implement your own custom file access rules.",0,1543,"2022-09-28T09:22:00.000Z","6.0.11","4.4.1","",[18,19,20,21,22],"attachments","files","media","protect","protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjvm-protected-media.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"jorisvanmontfort",5,4200,91,27,88,"2026-04-04T14:01:46.393Z",[37,55,82,103,123],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":34,"num_ratings":33,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":16,"tags":50,"homepage":53,"download_link":54,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"media-vault","Media Vault","0.8.12","Max GJ Panas","https:\u002F\u002Fprofiles.wordpress.org\u002Fmax-gjp\u002F","\u003Ch4>Protected Attachment Files\u003C\u002Fh4>\n\u003Cp>Media Vault cordons off a section of your WordPress uploads folder and secures it, protecting all files within by passing requests for them through a \u003Cem>powerful, flexible and completely customizable\u003C\u002Fem> set of permission checks.\u003C\u002Fp>\n\u003Cp>After activating the plugin, to protect attachment files with Media Vault you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>use the \u003Cem>Media Uploader admin page\u003C\u002Fem> to upload new protected attachments,\u003C\u002Fli>\n\u003Cli>use the \u003Cem>Media Vault metabox\u003C\u002Fem> to toggle file protection on the ‘Edit Media’ admin page,\u003C\u002Fli>\n\u003Cli>use the the \u003Cem>Media Vault Protection Settings\u003C\u002Fem> fields in the new Media Modal, or, \u003C\u002Fli>\n\u003Cli>using \u003Cem>bulk actions\u003C\u002Fem> in your Media Library page, you can change file protection on multiple pre-existing attachments at once.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By default the only permission check that the plugin does on media files is that the user requesting them be logged in. You can change this \u003Cem>default\u003C\u002Fem> behavior from the ‘Media Settings’ page in the ‘Settings’ menu of the WordPress Admin. You can also change the restrictions set on attachments on an individual basis by means of either the Media Vault metabox on the ‘Edit Media’ page or the Media Vault Protection Settings fields in the new Media Modal.\u003C\u002Fp>\n\u003Cp>You can also write your own custom restrictions using the \u003Ccode>mgjp_mv_add_permission()\u003C\u002Fcode> function. See \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Frestrict-only-for-subscribers?replies=5\" rel=\"ugc\">this support question\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Ch4>Safe Download Links\u003C\u002Fh4>\n\u003Cp>Creating a cross-browser compatible download link for a file is a harder task than might be expected. Media Vault handles this for you, and it does so while preserving all the file security features discussed earlier like blocking downloads to people who should not have access to the file.\u003C\u002Fp>\n\u003Cp>The download links are available through a simple shortcode that you can use in your post\u002Fpage editor screen:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[mv_dl_links ids=\"1,2,3\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>where ‘ids’ are the comma separated list of attachment ids you would like to make available for download in the list.\u003C\u002Fp>\n\u003Cp>\u003Cem>Note:\u003C\u002Fem> Plugin comes with styles ready for WordPress 3.8+!\u003C\u002Fp>\n\u003Cp>\u003Cem>Note:\u003C\u002Fem>  \u003Cstrong>Now supports WordPress MultiSite!\u003C\u002Fstrong>\u003C\u002Fp>\n","Protect attachment files from direct access using powerful and flexible restrictions. Offer safe download links for any file in your uploads folder.",800,17132,"2014-02-18T16:48:00.000Z","3.7.41","3.5.0",[18,51,20,22,52],"downloads","security","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmedia-vault\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-vault.0.8.12.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":77,"download_link":78,"security_score":79,"vuln_count":80,"unpatched_count":11,"last_vuln_date":81,"fetched_at":26},"prevent-file-access","Prevent files \u002F folders access","2.6.1","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-media-restriction\" rel=\"nofollow ugc\">WordPress Prevent files\u002F folders\u003C\u002Fa> access provides the easiest way to protect WordPress files from public users so that your wordpress media library can be accessed only by \u003Cstrong>WordPress logged in\u003C\u002Fstrong> users or users with \u003Cstrong>specific roles\u002Fcapabilities\u003C\u002Fstrong>. Your \u003Cem>ebooks\u003C\u002Fem>, \u003Cem>pdfs\u003C\u002Fem>, \u003Cem>other important files\u003C\u002Fem>, etc., can be \u003Cstrong>protected from google indexing\u003C\u002Fstrong> so that data is protected from getting stolen. Control users access to media library, Control users access to the WordPress upload folder or sub folders, and restrict all the files published on your WordPress site.\u003C\u002Fp>\n\u003Cp>For restricted Content you can choose to redirect users to \u003Cstrong>403 forbidden page\u003C\u002Fstrong>, your \u003Cstrong>custom page\u003C\u002Fstrong>, \u003Cstrong>WordPress login page\u003C\u002Fstrong>, SSO login page (if you are using OAuth or SAML SSO).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No change required\u003C\u002Fstrong> or \u003Cstrong>no manual work\u003C\u002Fstrong> needed to create a private link to protect your wordpress media file. Our plugin takes care of your media library or via Media, Pages, or Posts.\u003C\u002Fp>\n\u003Cp>We support a level of security where you can choose either \u003Cem>\u003Cstrong>cookie-based\u003C\u002Fstrong>\u003C\u002Fem> restriction or \u003Cem>\u003Cstrong>session-based\u003C\u002Fstrong>\u003C\u002Fem> restriction.\u003Cbr \u002F>\nAlso, we support Apache and Nginx servers to prevent direct access to the WordPress media library and therefore protect the media library for public or restricted users.\u003C\u002Fp>\n\u003Cp>It prevents private download of the media files from public access and only the logged-in users or specific user roles can access and download the wordpress media files.\u003C\u002Fp>\n\u003Cp>We also support media\u002Ffiles\u002Ffolders Restriction based on NFT holding in the user crypto wallet. We support any level of customization according to your requirement.\u003C\u002Fp>\n\u003Ch3>File-Based Protection\u003C\u002Fh3>\n\u003Cp>WordPress Prevent file\u002Ffolder access is developed to allow you to protect wordpress media file in your customized way. It will prevent direct access from media library \u003Cstrong>based on their extension\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>You can protect file types below:\n\n* Images - Every type of image files can be protected. eg: jpeg, jpg, gif, png, bmp, webp, pfg, ico, psd, etc.\n* Videos - Every type of video files can be protected. eg: mp4, m4a, m4v, f4v, f4a, m4b, m4r, f4b, mov, 3gp, avi etc.\n* Documents - Every type of document files can be protected. eg: doc, docx, html, pdf, txt, ppt, xls, xlsx, pptx, odt.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Redirect\u003C\u002Fh3>\n\u003Cp>WordPress Prevent file\u002Ffolder access provides \u003Cstrong>redirect options\u003C\u002Fstrong>. This allow you to redirect the restricted users to any WordPress page of your website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>403 forbidden page\u003C\u002Fstrong> \u003Cem>(DEFAULT)\u003C\u002Fem> – \u003Cem>Users will be shown 403 forbidden pages with a restricted access message.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Display custom page\u003C\u002Fstrong> – \u003Cem>We can redirect users to any WordPress custom page when they try to access restricted files or folders.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress login\u003C\u002Fstrong> – \u003Cem>Users will be redirected to the WordPress default login page.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IDP login\u003C\u002Fstrong> – \u003Cem>Users will redirect to the selected IDP (SAML\u002FOAuth) login page and after IdP authentication they can see the restricted content.\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Private Directory\u002FProtected folder\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Our plugin also gives you a \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-media-restriction#mediarestriction\" rel=\"nofollow ugc\">Private Directory\u003C\u002Fa> where you can add files of all extension types and restrictions will be applied to all files inside the private directory.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Membership Based Media Restriction.\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress Prevent files\u002F folder allows you to secure media library and control wp-content\u002Fuploads access based on the membership purchased by the user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Folder Based Protection\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress Prevent files\u002F folders access allows you to protect your folders too, the \u003Cstrong>wp-content or uploads\u003C\u002Fstrong> folder where all the wordpress media files like images, videos, and document files are stored will also be protected.\u003C\u002Fli>\n\u003Cli>Users have the option to \u003Cstrong>protect a particular month’s media files or sub folder in uploads directory.\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Based Restriction\u003C\u002Fstrong> – A particular user can access only a particular folder. (Admin would be able to access all the folders)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role Base folder access\u003C\u002Fstrong> – Uploads folder or subfolders can be restricted for public access and allowed folder access to users with specific role. (Admin would be able to access all the folders)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We support \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.learndash.com\u002F\" rel=\"nofollow ugc\">LearnDash\u003C\u002Fa>\u003C\u002Fstrong> and other LMS to restrict files and folders according to different groups and specific user roles.\u003C\u002Fp>\n\u003Cp>You can customize the restriction rules and use them as per your needs.\u003C\u002Fp>\n\u003Cp>This functionality operates at the server level, thus if the Apache server rules don’t work, or also the WP Engine, Siteground, and other servers like this run on an Nginx server, which requires the use of Nginx configuration rules. If you face any issues please email us at \u003Cem>info@xecurify.com\u003C\u002Fem> or \u003Cem>oauthsupport@xecurify.com\u003C\u002Fem>. We would recommend you to please ensure your PHP server and rules first which will work on your server before purchasing it or else \u003Cstrong>contact us we will help you to set up the plugin according to your requirements on your site.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>FREE VERSION FEATURES\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Prevent Files\u002FFolder Access allows you to protect your wordpress media files, libraries and folders from public access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Extensions Restricted\u003C\u002Fstrong> – Can restrict five standard extensions (.png, .jpg, .gif, .pdf, .doc).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection of non-logged-in users\u003C\u002Fstrong>: Can redirect non-logged-in users to any page of your WordPress site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protected Folder\u003C\u002Fstrong>: Can keep selected files in a protected folder and they will be restricted from the public users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supported Servers\u003C\u002Fstrong>: You can configure the plugin on the Apache server easily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Base\u003C\u002Fstrong>: Plugin will check if a user is logged in or not through Cookie.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PREMIUM VERSION FEATURES\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Prevent Files\u002FFolder Access allows you to protect your media files and folders from public access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Extensions Restricted\u003C\u002Fstrong> – Media restricton to unlimited extensions is supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection of non-logged-in users\u003C\u002Fstrong>: You can redirect the non-logged-in users to any page of your WordPress site or to the WordPress login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Folder Restriction\u003C\u002Fstrong>: Can restrict access to wordpress media library from non-logged-in users. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protected Folder\u003C\u002Fstrong>: Can store unlimited files in a private directory\u002Fprotected folder and they will be restricted from the public users and indexing on search engine.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supported Servers\u003C\u002Fstrong>: You can configure plugins on Apache and NGINX servers easily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Base\u003C\u002Fstrong>: Plugin will check if a user is logged in or not through Cookie.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>ENTERPRISE VERSION FEATURES\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Prevent Files\u002FFolder Access allows you to protect your WordPress media files and folders from public access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Extensions Restricted\u003C\u002Fstrong> – Media restriction to unlimited extensions is supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection of non-logged-in users\u003C\u002Fstrong>: You can redirect non-logged-in users to any page of your WordPress site or to the WordPress login page or to SAML\u002FOAuth login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Folder Restriction\u003C\u002Fstrong>: Can restrict access to the WordPress uploads folder or any other folder in your WordPress instance from non-logged-in users by enabling user access restrictions. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protected Folder\u003C\u002Fstrong>: Can keep unlimited files in a protected folder and they will be restricted from the public users to prevent direct access to specific user roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supported Servers\u003C\u002Fstrong>: You can configure plugins on Apache and NGINX servers easily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Base\u003C\u002Fstrong>: Plugin will check if a user is logged in or not through Cookie or Session.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>ALL INCLUSIVE VERSION FEATURES\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Prevent Files\u002FFolder Access allows you to protect your WordPress media files and folders from public access.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Extensions Restricted\u003C\u002Fstrong> – Media restricton to unlimited extensions is supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection of non-logged-in users\u003C\u002Fstrong>: You can redirect non-logged-in users to any page of your WordPress site or to the WordPress login page or to SAML\u002FOAuth login page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Folder Restriction\u003C\u002Fstrong>: Can restrict access to the WordPress uploads folder or any other folder in your WordPress instance from non-logged-in users by enabling user access restrictions. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protected Folder\u003C\u002Fstrong>: Can keep unlimited files in a protected folder and they will be restricted from the public users to prevent direct access to specific user roles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Supported Servers\u003C\u002Fstrong>: You can configure plugins on Apache and NGINX servers easily.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Level Base\u003C\u002Fstrong>: Plugin will check if a user is logged in or not through Cookie or Session.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Media Management\u003C\u002Fstrong>: You can create custom folders and subfolders to organize your media library and control access of the created folders and subfolders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Download Logs\u003C\u002Fstrong>: You can view logs for uploading, downloading, and deleting files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Membership Based Media Restriction\u003C\u002Fstrong>: Compatible with Paid Memberships Pro, ARMember Membership, WordPress Membership, and WooCommerce Subscriptions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>DOCUMENTATION AND SUPPORT\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For documentation go to our \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwordpress-media-restriction#mediarestriction\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>If you have any questions or want to request new features, contact us via email at \u003Ca href=\"mailto:oauthsupport@xecurify.com\" rel=\"nofollow ugc\">oauthsupport@xecurify.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Prevent public access to WordPress files and folders. Protect downloads from public access, Role-based folder access, and User base folder access.",1000,34694,92,35,"2025-06-24T06:01:00.000Z","6.8.5","3.0.1","5.6",[72,73,74,75,76],"content-restriction","media-restriction","protect-uploads","protect-folders","secure-files","http:\u002F\u002Fminiorange.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprevent-file-access.2.6.1.zip",97,2,"2025-08-06 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":92,"num_ratings":80,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":16,"download_link":102,"security_score":92,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"aam-protected-media-files","AAM Protected Media Files","1.3.2","AAM Plugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fvasyltech\u002F","\u003Cp>Prevent direct access to the unlimited number of media library items either for visitors, individual users or groups of users (roles). This plugin does not modify a physical file’s location or URL.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>The AAM Protected Media Files plugins is the official add-on to the free Advanced Access Manager (aka AAM). While this plugin actually manages physical access to the media files, AAM provides the UI interface to define access to files.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Few Facts\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>It requires a simple manual steps in order to configure a webserver to protect direct access to \u003Ccode>\u002Fwp-content\u002Fuploads\u003C\u002Fcode> folder. For more information, please check \u003Ca href=\"https:\u002F\u002Faamportal.com\u002Farticle\u002Fprotected-media-files-installation\" rel=\"nofollow ugc\">our installation instructions\u003C\u002Fa>;\u003C\u002Fli>\n\u003Cli>It does not change a physical file’s location, content or URL. Upon deactivation, everything goes back to normal;\u003C\u002Fli>\n\u003Cli>It protects all the allowed by WordPress core file types and those that are extended with third-party plugins (e.g. \u003Ccode>.svg\u003C\u002Fcode>, \u003Ccode>.sketch\u003C\u002Fcode>, etc.). For the list of all allowed extensions, check official WP documentation for the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fwp_get_ext_types\u002F\" rel=\"nofollow ugc\">wp_get_ext_types()\u003C\u002Fa> core function;\u003C\u002Fli>\n\u003Cli>It allows you to manage access to any media file for visitors, any individual user, roles or even define the default access to all media files for everybody (this one is available with \u003Ca href=\"https:\u002F\u002Faamportal.com\u002Fpremium\" rel=\"nofollow ugc\">premium\u003C\u002Fa> add-on for AAM plugin);\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information about how properly install and use it, refer to \u003Ca href=\"https:\u002F\u002Faamportal.com\u002Fsupport\" rel=\"nofollow ugc\">our documentation\u003C\u002Fa>.\u003C\u002Fp>\n","Add-on to the free Advanced Access Manager plugin that protects media files from direct access for visitors, roles or users",600,16488,100,"2025-06-05T11:29:00.000Z","6.8.0","4.7.0","5.6.0",[98,19,99,100,101],"documents","media-library","protected-media","protected-videos","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faam-protected-media-files.1.3.2.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":11,"num_ratings":11,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":121,"download_link":122,"security_score":92,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"download-monitor-integration-for-woocommerce","Download Monitor integration for WooCommerce","1.0.2","Cristian Raiber","https:\u002F\u002Fprofiles.wordpress.org\u002Fcristianraiber-1\u002F","\u003Cp>With the help of this extension you will be able to restrict the downloads from your website behind a WooCommerce purchase.\u003C\u002Fp>\n\u003Ch3>How does it work\u003C\u002Fh3>\n\u003Cp>When configuring your WooCommerce products, you will be able to select and attach a download\u002Ffile from Download Monitor. This will allow users to download that specific file only after they purchase the product it is linked to.\u003C\u002Fp>\n\u003Cp>You can read more about this extension in our \u003Ca href=\"https:\u002F\u002Fdownload-monitor.com\u002Fkb\u002Fwoocommerce-and-download-monitor-integration\u002F?utm_source=wordpress.org&utm_medium=web&utm_campaign=description-block\" rel=\"nofollow ugc\">official documentation article\u003C\u002Fa>.\u003C\u002Fp>\n","Restrict your available downloads behind a WooCommerce purchase.",70,1328,"2025-12-02T10:21:00.000Z","6.9.4","5.5","7.3",[118,19,22,119,120],"download","purchase","shop","https:\u002F\u002Fdownload-monitor.com\u002Fkb\u002Fwoocommerce-and-download-monitor-integration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownload-monitor-integration-for-woocommerce.1.0.2.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":111,"downloaded":131,"rating":92,"num_ratings":132,"last_updated":133,"tested_up_to":114,"requires_at_least":134,"requires_php":16,"tags":135,"homepage":141,"download_link":142,"security_score":92,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"wphhsecure","WPHH SECURE – AIO WordPress Security With File Locking & WP Hide Login","1.1.9","WPHackedHelp","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginsupportwphackedhelp\u002F","\u003Cp>Secure your WordPress site with one-click file locking, login path hiding, role-based access, and smart dashboard visibility. Built for speed, security, and control.\u003C\u002Fp>\n\u003Ch3>Full Description\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>WPHH SECURE\u003C\u002Fstrong> by \u003Ca href=\"https:\u002F\u002Fsecure.wphackedhelp.com\" rel=\"nofollow ugc\">WP Hacked Help\u003C\u002Fa> is a comprehensive WordPress security plugin that integrates advanced file protection and login URL obfuscation. It blocks brute-force attacks, unauthorized access, and file tampering by allowing you to easily lock or unlock your WordPress files and folders with a single click.\u003C\u002Fp>\n\u003Cp>The plugin comes with a user-friendly interface and real-time feedback, ensuring secure operations without any technical knowledge required. WPHH SECURE is built to work seamlessly with the native WordPress functions, ensuring compatibility and safety for all sites, including blogs, business sites, and WooCommerce stores.\u003C\u002Fp>\n\u003Cp>With automatic exclusions for sensitive folders and the ability to manage folder exceptions, WPHH SECURE ensures that critical areas like uploads, cache, and backups are not locked accidentally. It also features login URL hiding to prevent unauthorized access to your site’s backend.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>One-Click Lock\u002FUnlock\u003C\u002Fstrong> – Lock or unlock all WordPress files and folders with a single click.\u003Cbr \u002F>\n✅ \u003Cstrong>Smart Dashboard\u003C\u002Fstrong> – Access real-time status updates and track lock activities in the dashboard.\u003Cbr \u002F>\n✅ \u003Cstrong>Role-Based Access\u003C\u002Fstrong> – Configure permissions to restrict access to the lock\u002Funlock feature based on user roles.\u003Cbr \u002F>\n✅ \u003Cstrong>Login URL Hiding\u003C\u002Fstrong> – Prevent brute-force login attempts by hiding or changing your default WordPress login URL.\u003Cbr \u002F>\n✅ \u003Cstrong>Safe File Handling\u003C\u002Fstrong> – Built on WP_Filesystem for secure file handling using AJAX for smooth background execution.\u003Cbr \u002F>\n✅ \u003Cstrong>Auto Exclusions\u003C\u002Fstrong> – Automatically exclude high-priority folders (e.g., uploads, cache, backups) from being locked.\u003Cbr \u002F>\n✅ \u003Cstrong>Visual Progress Feedback\u003C\u002Fstrong> – Watch real-time updates with progress bars and completion messages.\u003Cbr \u002F>\n✅ \u003Cstrong>Folder Exclusion Manager\u003C\u002Fstrong> – Easily add or remove folders from the exclusion list to keep them safe.\u003C\u002Fp>\n","Secure your WordPress site with one-click file locking, login path hiding, role-based access, and smart dashboard visibility.",1870,7,"2026-01-21T13:20:00.000Z","5.0",[136,137,138,139,140],"brute-force-protection","file-locking","hide-login-url","wordpress-security","wp-filesystem","https:\u002F\u002Fsecure.wphackedhelp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwphhsecure.1.1.9.zip",{"attackSurface":144,"codeSignals":176,"taintFlows":189,"riskAssessment":190,"analyzedAt":199},{"hooks":145,"ajaxHandlers":172,"restRoutes":173,"shortcodes":174,"cronEvents":175,"entryPointCount":11,"unprotectedCount":11},[146,152,156,159,164,168],{"type":147,"name":148,"callback":149,"file":150,"line":151},"action","wp_loaded","closure","jvm-protected-media.php",109,{"type":147,"name":153,"callback":154,"file":150,"line":155},"admin_notices","warning_apache",112,{"type":147,"name":153,"callback":157,"file":150,"line":158},"warning_nginx",117,{"type":160,"name":161,"callback":162,"file":150,"line":163},"filter","mod_rewrite_rules","get_rewrite_rules",123,{"type":147,"name":165,"callback":166,"priority":11,"file":150,"line":167},"init","parse_get",126,{"type":147,"name":169,"callback":170,"file":150,"line":171},"admin_init","notices_dismissed",133,[],[],[],[],{"dangerousFunctions":177,"sqlUsage":178,"outputEscaping":185,"fileOperations":187,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":188},[],{"prepared":11,"raw":80,"locations":179},[180,183],{"file":150,"line":181,"context":182},277,"$wpdb->get_var() with variable interpolation",{"file":150,"line":184,"context":182},283,{"escaped":11,"rawEcho":11,"locations":186},[],1,[],[],{"summary":191,"deductions":192},"The \"jvm-protected-media\" v1.0.6 plugin exhibits a generally strong security posture based on the provided static analysis. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a zero attack surface. Furthermore, the code signals indicate that all identified outputs are properly escaped, and there are no critical or high severity taint flows. The absence of known vulnerabilities in its history also suggests a well-maintained and secure development practice.\n\nHowever, the analysis does highlight a couple of areas for concern. The plugin utilizes two SQL queries that do not employ prepared statements, which can be a vulnerability if user-supplied data is incorporated into these queries without proper sanitization. Additionally, there is one file operation noted, and while no specific risks are detailed, file operations inherently carry a risk of insecure handling, especially if they involve user input or external paths. The lack of nonce and capability checks on any potential entry points (though there are none listed) would be a significant concern if they existed, but as it stands, these are not directly applicable.\n\nIn conclusion, the plugin appears robust with a minimal attack surface and good output handling. The primary risks stem from the unescaped SQL queries and the general potential of file operations. The complete lack of historical vulnerabilities is a positive indicator. Addressing the SQL query practices and ensuring the file operation is secure would further solidify its security.",[193,196],{"reason":194,"points":195},"SQL queries not using prepared statements",10,{"reason":197,"points":198},"File operation without specific security context",3,"2026-03-17T06:48:40.808Z",{"wat":201,"direct":206},{"assetPaths":202,"generatorPatterns":203,"scriptPaths":204,"versionParams":205},[],[],[],[],{"cssClasses":207,"htmlComments":208,"htmlAttributes":211,"restEndpoints":212,"jsGlobals":213,"shortcodeOutput":214},[],[209,210],"\u003C!-- JVM Protected Media file rewrite rules -->","\u003C!-- JVM Protected Media file rewrite rules end -->",[],[],[],[]]