Chad Butler

Blocking access to content is not the same as blocking access to files. Content lives in the database and access can easily be shut down through PHP scripting. But a file lives on the server, so anyone with a direct link to it can access it.

You’re on the right track as .htaccess is the best way I know of to limit direct access to files. You can then use a PHP script to allow the user to download it, allowing that as the only way for the file to be served to a user. Then your PHP script can validate whether the user can access or not.

WP-Members core plugin only deals with content, not files since that is different. However, there is a premium extension for WP-Members that limit file access to logged in users. It does this as I described above – using a combination of .htaccess and then only serving the files through a PHP script that also validates the user. In translating your question and concern, it sounds like you might need to limit file access to specific users and the extension does not do that – it only limits by whether the user is logged in or not logged in. But it does have filter hooks that would allow you to extend that capability to limit certain files to certain users.

Note that ordinarily I would not mention the premium plugin here by itself. I’m only mentioning it since it is an extension specifically for WP-Members and you mentioned that you had used/tried that plugin. I’m sure there are other similar solutions available as well.