Would you like to control who can access files uploaded through your forms? The File Access Restrictions feature enhances your File Upload field by letting you protect uploaded files, limiting access to specific WordPress users or securing them with a password.
This guide will show you how to use File Access Restrictions.
Requirements:
- You will need a Basic license level or higher to access the File Access Restrictions feature
- Ensure that you’ve installed the latest version of WPForms to meet the minimum required version for the File Access Restrictions feature
- If you’re using the Post Submission addon, you must update to v1.8.0 or higher for the feature to work properly
Before you get started, be sure to install and activate WPForms and verify your license. Then, create a new form or edit an existing one to access the form builder.
Adding Access Restrictions
To set up access restrictions, first add a File Upload field to your form if you haven’t already.
Then, navigate to the Advanced tab and click on the Enable File Access Restrictions toggle button.
After enabling this feature for your File Upload field, you’ll see new options appear below the toggle button. These options let you choose how to restrict access to uploaded files.
We’ll cover each of the available options in more detail below.
Note: File Access Restrictions protect your files regardless of how they’re accessed – whether through form entries, email notifications, or direct links.
Configuring User Restrictions
If you’d like to restrict access to your uploaded files based on WordPress users, click on the User Restriction dropdown and select Logged-in Users. By default, this is set to None, which means files can be accessed without any restrictions.
When you select Logged-in Users, you’ll see two new options for controlling file access: User Roles and Users.
User Roles
This setting determines which WordPress user roles can access the uploaded files. The Administrator role is automatically included and cannot be removed.
You can expand access by clicking on the User Roles dropdown and selecting additional roles like Editor, Author, or any custom roles available on your WordPress site.
For example, if you select both Administrator and Editor roles, any user with either of these roles will be able to access the uploaded files.
Users
The Users dropdown lets you grant access to specific WordPress users, regardless of their role. This is particularly useful when you want to give file access to individual users who may not have the selected roles.
To select a user, begin typing their username or email address in the Users dropdown field. As you type, matching users will appear in the dropdown list.
For instance, if you have a user with Subscriber role that needs access to specific file uploads, you can select them from the Users dropdown while keeping the broader role-based restrictions in place.
If User Restriction is enabled, users with the correct permissions—based on their role or individual access settings—can download files immediately.
However, if the user isn’t logged in or doesn’t have sufficient permissions, they won’t be able to access the file. Instead, they’ll need to log in to WordPress with an account that has the proper permissions to view the file.
Setting Up Password Protection
In addition to user-based restrictions, you can also protect your uploaded files with a password. To do this, click on the Password Protection toggle button.
When enabled, you’ll see the Enter Password and Confirm Password fields appear. Enter your desired password in both fields to set up the protection.
When someone tries to access a protected file, they’ll need to enter the password. After entering the correct password and clicking Submit, the file downloads automatically.
Once you’ve configured all your settings, be sure to save your form.
Note: You can use Password Protection independently or together with User Restrictions. When both are enabled, users will need to meet the user requirements and provide the correct password to access the file.
Frequently Asked Questions
These are some of the most common questions we receive about using the File Access Restrictions in WPForms.
Can I use both password protection and user restrictions?
Yes, you can enable both types of protection on the same File Upload field. In this case, users will need to both have the proper WordPress permissions and know the password to access the file.
Do administrators need to follow the restrictions?
Yes, the restrictions apply to all users, including administrators. If password protection is enabled, administrators will still need to enter the password to access the file.
What happens when unauthorized users try to access restricted files?
If someone tries to access a restricted file without the required permissions or password, they won’t be able to view or download it.
That’s it! You now know how to use File Access Restrictions to secure your uploaded files in WPForms.
Next, would you like to learn more about working with file uploads? Check out our guide on using the File Upload field for additional options and customizations.