I recently completed a project for a client who wanted to create a repository for sharing documents within their organisation. This included sensitive financial information, as well as confidential employee information, like their tax documents.
So it goes without saying, that the solution had to be very secure and had to have very fine-grained user access control on a download by download basis, so that specific files could only be accessed by certain employees.
I did a lot of research on the matter and the feature that I had the most trouble finding a solution for was restricting specific files to specific people.
Ultimately however, I found solace in WP Download Manager. The Pro version of the plugin runs at $45, and I also needed to purchase the $5 Advanced Access Control add-on to allow that fine-grained access control to each file.
With WP Download Manager, not only can you set which specific users can access the file, you can also set what user levels should be able to access it – that includes whether visitors (not logged in) should be able to download files – if not, they’ll get an error message. But this is a great way to offer files for download from your site.
For security, each download link uses a download key, which requires the user to log in if required, so there’s no way to hotlink to the file; the original file URL is protected.
The plugin also has a bunch of extra features, like allowing download of a file after liking your Facebook page, giving you an email address, entering a password, or giving you a +1 on Google.
There’s a whole lot of fluff in the plugin in my opinion, like version control and individual file download from within a package of files, but at the end of the day, it has all of the features that you need to create a secure downloads area, whether it’s for public use, or strictly internal.
I have to say that it’s not the best solution in the world, as far as WordPress plugins go – the user interface isn’t very well thought out and it doesn’t have the appearance of a WordPress plugin; the buttons, layout and styling all feel quite messy, so it takes a while to get used to the plugin and how things work.
Also, you want to hope that you don’t need support; I had to open a support thread in their forums and despite having paid for the product, it took several weeks to get the issue resolved. So their customer service is about the worst I’ve come across.
It takes a little getting used to the interface and there’s some quirks, but the face of the matter is, it does the job and that’s (almost) all that matter.