Title: Public root path
Last modified: January 7, 2020

---

# Public root path

 *  Resolved [ricks03](https://wordpress.org/support/users/ricks03/)
 * (@ricks03)
 * [6 years, 5 months ago](https://wordpress.org/support/topic/public-root-path/)
 * Using WP File Manager Pro 5.5 on WordPress 5.3.2
 * My base assumption here is that if I have files stored in WP File Manager Pro
   that are in the path of the website, they’re accessible to anyone that knows 
   the file name. So I don’t want them under public_html.
 * So I have changed the Public Root Path (/admin.php?page=wp_file_manager_root)
   to be /home/ricks03/wpfm instead of the default of “/home/ricks03/public_html/”
 * That works from a WPFM file access perspective. WPFM lets me browse the files
   in the folders, with me able to control access by role.
 * Now I’d like to be able to create a URL to one of those files. If I select document.pdf
   in WPFM and select the Share option, I get a link of: [https://mydomain.org/document.pdf](https://mydomain.org/document.pdf)
 * That link doesn’t work (unsurprisingly). What would be the correct URL to access
   the file?
 * I’m trying to replicate functionality I had under Drupal with the webfm module.
   Under webfm, the url for that file would be [https://mydomain.org/webfm/document.pdf](https://mydomain.org/webfm/document.pdf).
   Webfm would then control access to that file based on the configuration. That
   way the files on the file manager were: in the file manager; not accessible if
   you had no user ID but knew the URL, from a https: URL
 * Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Author [mndpsingh287](https://wordpress.org/support/users/mndpsingh287/)
 * (@mndpsingh287)
 * [6 years, 5 months ago](https://wordpress.org/support/topic/public-root-path/#post-12303436)
 * Hey [@ricks03](https://wordpress.org/support/users/ricks03/),
 * You can restrict direct access to the URL with htaccess; please follow the given
   link.
 * [https://stackoverflow.com/questions/19118482/deny-access-to-one-specific-folder-in-htaccess/19118529](https://stackoverflow.com/questions/19118482/deny-access-to-one-specific-folder-in-htaccess/19118529)
 * Regards,
    Mandeep
 *  Thread Starter [ricks03](https://wordpress.org/support/users/ricks03/)
 * (@ricks03)
 * [6 years, 5 months ago](https://wordpress.org/support/topic/public-root-path/#post-12305054)
 * I don’t believe that will resolve my issue?
 * But let me walk through the scenario.
 * My files are in /home/ricks03/public_html/wpfm. I use .htaccess to restrict access
   to [http://mysite.com/wpfm](http://mysite.com/wpfm)
 * Now I can use the WPFM plugin to browse the files, yet [http://mysite.com/wpfm/document.pdf](http://mysite.com/wpfm/document.pdf)
   won’t work at all.
 * That makes the functionality identical between having the files in /home/ricks03/wpfm
   and /home/ricks03/public_html/wpfm (with the root folder set appropriately) –
   you can view the file in WPFM (and only WPFM) but can’t access the file at all
   at [http://mysite.com/wpfm/document.pdf](http://mysite.com/wpfm/document.pdf)
 * But that’s not quite what I want. I want to be able to have a user click on [http://mysite.com/wpfm/document.pdf](http://mysite.com/wpfm/document.pdf)
   and have the file open, IF they’re a member of the appropriate role, and not 
   have access if they do not have the appropriate role. Using .htaccess doesn’t
   limit access by role.
 * If I place the files in /home/ricks03/public_html/wpfm and then limit access 
   to the folder via .htaccess, is there a way then to create a URL that will work
   if (and only if) the user is a member of the appropriate role?
 * In webfm (drupal), you move the files out of the web root (so you can’t get there
   via a URL) and then webfm manages all the access to files via either the console,
   OR via direct URL.
 *  [sncs](https://wordpress.org/support/users/sncs/)
 * (@sncs)
 * [6 years ago](https://wordpress.org/support/topic/public-root-path/#post-12892677)
 * I agree with ricks03.
 * The opening of a file should be processed via Filemanager and not via a direct
   link to the file (… like download in the context menu?). So the root directory
   could be kept outside of the webserver public directory.
 * In the current version, anyone who knows the link, whether logged in or not, 
   can access the file.
 * Regards, Claudio
 *  Plugin Author [mndpsingh287](https://wordpress.org/support/users/mndpsingh287/)
 * (@mndpsingh287)
 * [6 years ago](https://wordpress.org/support/topic/public-root-path/#post-12926358)
 * Hey [@sncs](https://wordpress.org/support/users/sncs/),
 * You can put a .htaccess file in that folder that contains just:
 * `deny from all`
 * That way you cannot open any file from that folder, but you can include them 
   in PHP without any problems.
 * Please refer to [https://stackoverflow.com/questions/9282124/deny-direct-access-to-a-folder-and-file-by-htaccess](https://stackoverflow.com/questions/9282124/deny-direct-access-to-a-folder-and-file-by-htaccess)
 * Regards,
    Mandeep
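
The approach discussed in this thread (files kept outside the web root or behind `deny from all`, with PHP deciding per request who may read them) can be implemented as a WordPress handler like the following. This is an added example, not code from the thread or from WP File Manager; the `WPFM_PRIVATE_ROOT` constant, the `wpfm_file` query parameter and the `read_private_files` capability are hypothetical names, and the directory is the one given in the first post.

```php
<?php
// Added example. Hypothetical names: WPFM_PRIVATE_ROOT, the "wpfm_file"
// query parameter and the "read_private_files" capability.
define( 'WPFM_PRIVATE_ROOT', '/home/ricks03/wpfm' ); // outside public_html

add_action( 'init', function () {
    if ( ! isset( $_GET['wpfm_file'] ) ) {
        return; // not a file request
    }
    // Anonymous visitors go to the login page and come back here afterwards.
    if ( ! is_user_logged_in() ) {
        auth_redirect();
    }
    // Role check: grant this capability only to the roles allowed to read.
    if ( ! current_user_can( 'read_private_files' ) ) {
        wp_die( 'You are not allowed to open this file.', 'Forbidden', array( 'response' => 403 ) );
    }
    // Reject arrays and NUL bytes before touching the filesystem.
    $name = is_string( $_GET['wpfm_file'] ) ? wp_unslash( $_GET['wpfm_file'] ) : '';
    $root = realpath( WPFM_PRIVATE_ROOT );
    $path = ( false !== $root && false === strpos( $name, "\0" ) )
        ? realpath( $root . DIRECTORY_SEPARATOR . $name )
        : false;
    // realpath() resolves ../ and symlinks; the result must stay under $root.
    if ( false === $path
        || 0 !== strpos( $path, $root . DIRECTORY_SEPARATOR )
        || ! is_file( $path ) ) {
        wp_die( 'File not found.', 'Not Found', array( 'response' => 404 ) );
    }
    $type = wp_check_filetype( $path );
    $mime = $type['type'] ? $type['type'] : 'application/octet-stream';
    nocache_headers(); // keep shared caches from storing the protected file
    header( 'Content-Type: ' . $mime );
    header( 'X-Content-Type-Options: nosniff' );
    header( 'Content-Disposition: inline; filename="' . str_replace( '"', '', basename( $path ) ) . '"' );
    header( 'Content-Length: ' . filesize( $path ) );
    readfile( $path );
    exit;
} );
```

With this handler the link takes the form `https://mydomain.org/?wpfm_file=document.pdf`; the capability is assigned to a role with `add_cap()`.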


The topic ‘Public root path’ is closed to new replies.

 * 4 replies
 * 3 participants
 * Last reply from: [mndpsingh287](https://wordpress.org/support/users/mndpsingh287/)
 * Last activity: [6 years ago](https://wordpress.org/support/topic/public-root-path/#post-12926358)
 * Status: resolved