Create a Secure Downloads Center with WordPress


I recently completed a project for a client who wanted to create a repository for sharing documents within their organisation. This included sensitive financial information, as well as confidential employee information, like their tax documents.

So it goes without saying, that the solution had to be very secure and had to have very fine-grained user access control on a download by download basis, so that specific files could only be accessed by certain employees.

I did a lot of research on the matter and the feature that I had the most trouble finding a solution for was restricting specific files to specific people.

Ultimately however, I found solace in WP Download Manager. The Pro version of the plugin runs at $45, and I also needed to purchase the $5 Advanced Access Control add-on to allow that fine-grained access control to each file.

The good

With WP Download Manager, not only can you set which specific users can access the file, you can also set what user levels should be able to access it – that includes whether visitors (not logged in) should be able to download files – if not, they’ll get an error message. But this is a great way to offer files for download from your site.

For security, each download link uses a download key, which requires the user to log in if required, so there’s no way to hotlink to the file; the original file URL is protected.

The plugin also has a bunch of extra features, like allowing download of a file after liking your Facebook page, giving you an email address, entering a password, or giving you a +1 on Google.

There’s a whole lot of fluff in the plugin in my opinion, like version control and individual file download from within a package of files, but at the end of the day, it has all of the features that you need to create a secure downloads area, whether it’s for public use, or strictly internal.

The bad

I have to say that it’s not the best solution in the world, as far as WordPress plugins go – the user interface isn’t very well thought out and it doesn’t have the appearance of a WordPress plugin; the buttons, layout and styling all feel quite messy, so it takes a while to get used to the plugin and how things work.

WP Download Manager

Also, you want to hope that you don’t need support; I had to open a support thread in their forums and despite having paid for the product, it took several weeks to get the issue resolved. So their customer service is about the worst I’ve come across.

It takes a little getting used to the interface and there’s some quirks, but the face of the matter is, it does the job and that’s (almost) all that matter.

WP Download Manager

5 thoughts on “Create a Secure Downloads Center with WordPress”

  1. Robert says:

    I have used WP Download Manager for a while, but it sucks, espcecially the UI and support forum. They just want us to buy the paid version instead. I would love to host my files on Google Project, much better and higher speed

    1. Yes, it wasn’t one of the greatest experiences, but in the end, it got there and it did the job. The main reason I choose this over anything else was the fine-grained user access control that could be added on. That proved very useful.

  2. Navjot Singh says:

    Thanks for publishing honest review about WP Download Manager. I really appreciate your honest recommendation. Thanks !

  3. Ben says:

    Thanks for the info, just what I need to get started. Did you manage to acheive downloads over SSL?

    1. I never tried it in this instance, but I see no reason why this couldn’t, or wouldn’t work.

Leave a Reply