1. Home
  2. WordPress Tutorials
  3. How to Protect the Media Library in WordPress to a User’s Own Uploads

How to Protect the Media Library in WordPress to a User’s Own Uploads

When you have a lot of users accessing WordPress, you want to manage certain restrictions. After all, you don’t want to give one of your authors administrative privileges to make any changes he or she sees fit. In many instances this also means restricting media library access.

Images play a vital role when it comes to engaging the audience. If an author accidentally deletes an image from a post belonging to someone else, it could cause all kinds of internal issues from a lack of engagement to interpersonal problems.

Some of these problems are easily solvable using custom user roles. However, this doesn’t always mean the library folder will remain protected.

In this tutorial, I’m going to show you how to set the WordPress media library to restrict access to users. This means those who use your system will only have access to the graphics they upload themselves.

Using Restrict Media Library Access

Today, I’ll demonstrate the Restrict Media Library Access plugin. It’s a simple tool that streamlines what users can see in the media library while still giving total access to admins and editors.

Go to the Plugins area of WordPress and click, “Add New.”

Add New Plugin

Install and activate the “Restrict Media Library Access” plugin. You can easily search for it by using the Keyword text field on the right.

Restrict Media Library Access

Once the plugin is activated, users of WordPress will only see their own media in the library. Admins and editors will still have complete access to the folder, but WordPress will now associate uploaded media with the individual user.

Using Code

If you can’t find a plugin you like, you can always use PHP coding in WordPress to prevent direct access to media files. This takes a bit more effort and knowledge as you can really cause problems for your site if you don’t know what you’re doing.

Before making any changes in code, always create a backup of your site. This prevents a loss of data and downtime should something happen. It makes restoring so much easier and keeps the website safe.

Access the functions.php file of your website. You can do this in several different ways. You can use the File Manager in cPanel, use FTP programs like FileZilla or use the built-in editor for WordPress. For this tutorial, I’m just going to use the WordPress editor to save time. This is located in the “Appearance” section of the admin dashboard.

Functions PHP

NOTE: It’s often better to work from a child theme when making changes like this. This way, you can easily switch back if something goes wrong and your changes will remain if there is a theme update.

Input the following code in the functions.php file:

add_filter( ‘ajax_query_attachments_args’,
‘wpb_show_current_user_attachments’ );

function wpb_show_current_user_attachments( $query ) {
$user_id = get_current_user_id();
if ( $user_id &&
!current_user_can(‘activate_plugins’) &&
!current_user_can(‘edit_others_posts’) ) {
$query[‘author’] = $user_id;
}
return $query;
}

Input Code

Click the “Update File” button on the bottom.

Update File

Essentially, the code above adds a new filter to WordPress which searches for the “edit_others_posts” function within the user’s profile. If it doesn’t exist, the user can only see his or her own media content.

Alternatively, you can also input the code in a site-specific plugin. However, I suggest using the functions.php command in a child theme. It’s much easier to keep track of and you don’t have to remember what plugin you placed the code in.

Other Plugins of Note

You have to do a bit of digging to find a good plugin that does the job of restricting access to the media library. However, here are a couple I came across that you may want to consider.

Frontier Restrict Media

Frontier Restrict Media

Frontier Restrict Media is another basic plugin that does a similar job to the one I demonstrated above. For instance, any user without the “edit_others_posts” capability will only have access to their own media files. It’s another one of those plugins you simply install and activate without making additional setting changes.

View Own Posts Media Only

View Own Posts Only

In View Own Posts Media Only, authors and contributors are limited to their own media items. It does come with a few functions outside of preventing direct access to the media folder such as uploading to posts. However, the plugin hasn’t updated in quite some time and you may have compatibility issues down the road.

Keeping it Organized

Organization is important when managing your site. Custom users, roles and restrictions are often necessary to streamline the work. Luckily, WordPress makes these kinds of changes easy to manage. All it takes is the right plugin or snippet of code. Just don’t forget to backup your site beforehand.

What kind of user roles do you use in WordPress? How many users access your site on a daily basis?

Author: Alex G.

Updated on July 7, 2019

Was this article helpful?

Related Articles

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.