Filesystem repository: secure file sharing & collaboration


We'll need to implement a secure file sharing & collaboration on a wp website, with the following functionalities:

- access/view, edit, download, delete, etc files as according to user's permissions (M2+ can handle most right?)
- disable direct access to file (we currently can disable folder indexing, however when the user has the full URL, it allows access)
- create temp file access for collaboration, where a set collaboration expiry date can be set
- ability for a user to modify a uploaded file online (i.e.: .xlsx); or download, modify and upload again (i.e. a user with editing permission)

would that be better by somehow integrating Google Drive & Membership or do it all within the site?

  • Adam Czajczyk

    Hello M.,

    I hope you're well today and thank you for your question!

    I think this is quite a complex setup that would require using a few solutions at once, most likely custom coded.

    Our Membership 2 Pro plugin will handle member's signup (including charging for access/subscription) and also includes "Media Protection" add on that will help you restrict access to the files (including URL masking/cloacking). It will not however let you control file access on such a detailed level. Native WP user capabilities would work better for this. I think then the "combo" of Membership 2 Pro and User Role Editor plugins would do most of the job.

    Additionally, as you would like to implement direct file editing, you will need some advanced - probably dedicated - solution for this.

    All this should be interconnected to play nice together and this would require quite an amount of custom coding which would be well beyond the scope of this support forum. That said, you may want to post a question on our "Jobs & Pros" job board (please note: no WPMU DEV staff involved!) here:

    Alternatively, you could check the BuddyDrive plugin here:

    It's a "dropbox-like" tool for BuddyPress plugin that could also make a great foundation for file-sharing service. However, still you would need some custom developed code make sure that it works with memberships and user capabilities the way you wish it too.

    Best regards,

  • D.

    Hi, thanks for the info!

    We've enabled M2pro to a test site, and have enabled the media protection, even enabled the "Protect Individual Media files": however it is still possible to access the files directly knowing the URL.

    How can we avoid that?
    Direct file access is OK, but only is a user is logged in. i.e.: a former employee who had access, could save a URL and access it after leaving the company.

  • Adam Czajczyk

    Hello M!

    it is still possible to access the files directly knowing the URL.

    That's true and unfortunately it's not currently possible to limit this using Membership 2 Pro plugin. I'm not aware of any other plugin that would fully prevent this as the issue here is that knowing full URL of a resource you're accessing it directly, in fact bypassing WordPress at all.

    I'm thinking that the way to go here would be to make sure that there's an empty "index.php" file inside folders that contain protected files (that would prevent directory listing via browser easily) and also apply "hot linking" protection via .htaccess.

    Best regards,

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.