Password protecting files / restricting file visibility

Files uploaded to the "Public Files" section of File Manager do not have any inherent accessibility restrictions.

Any site visitor can access these files, provided they have the file URL. This is deliberate; it means that any file in File Manager can be dropped onto a site page without breaking it or showing a 'missing file' placeholder.

As a result, any file stored in the "Public Files" section is, well, public. These files are visible to the internet at large.

Files that are saved in the "Private Files" section of File Manager are restricted. These files are visible only to users who are logged into the website. Public users cannot see or access those files.

It's possible to password protect a page, and then link to a file from that page. It's important to make the distinction though that this will only limit users from accessing that particular page. If the linked file is stored in the "Public Files" section of File Manager, it's still possible for a user to access that file directly, bypassing the password-protected page. The user would simply have to type the full URL of the file into their browser. This means they would need to know (or guess) the file name and the path to the directory where it's saved. There are tools available which could automate that process, which means that simply relying on obscurity by not publicizing the file name/file path would NOT prevent an arbitrary user from finding the file in question.

Certain file types, such as Excel spreadsheets and Word documents, can be password-protected from within the program that created them in the first place. Anybody would be able to download the file and open it up, but without the password they wouldn't be able to see its contents. This would be a reasonable way to easily distribute the file without revealing its contents to unauthorized users. 

Was this article helpful?
4 out of 4 found this helpful



Please Sign in to leave a comment if you don't see the comment box below.