private-uploads

Simple, works well, just perfect for me. Some tips: With the Plugin User Role Editor you can add a role like view_private_file and choose which user roles can access it. You can also redirect to a access denied page. Just modify in the Plugin file the function send_private_file like this: // Only return files to logged-in users if (!is_user_logged_in() || !current_user_can('view_private_file')) { header("Location: https://www.yoursite.com/access-denied"); die(); }

Developer was helpful in answering my questions. Bluehost users will want to follow the Apache instructions.

This is just the plugin I needed! No fluff, just does one thing and does it well. While it does work out of the box, there's some hard-coded paths and other things in there that can't be changed, so I've based a customized version off this plugin. For anyone who wants to use this with Apache, here's an equivalent .htaccess rule: RewriteRule ^wp-content/uploads/(private)/(.*)$ /?pucd-folder=$1&pucd-file=$2 [L]