skip to Main Content
How To Restrict Media Library Access In WordPress

How to Restrict Media Library Access in WordPress

Lots of developers love using WordPress.

One the big advantages of WordPress is that you get lots of features out-of-the-box. WordPress gives you a login system, comments, a text editor, a media library others.

Here at UpStream, we love to use as much of the default WordPress features as possible. For example, UpStream comments use the WordPress comments system.

And, when it comes to file uploads for UpStream projects, we use the WordPress media library.

This has several big advantages. As an UpStream user, you can easily upload around 30 file types, from JPG and PNG images to Powerpoint and Word documents.

However, some things about the WordPress core do require caution. For example, the WordPress doesn’t have any restrictions on images so anyone can get access to any file inside the media library. This is not a good idea for a project management site. You don’t want “Client A” in one project to see the files for “Client B” in another project,

UpStream solves this by automatically restricting users to their own media. If UpStream is installed on your site, this image below shows what new users will see. They do not have access to anyone else’s files. You will only be able see other people’s files if those people choose to add them to an UpStream project.

If you’re not an UpStream user, here are some tips and tricks for controlling media library access on your own WordPress site.

Restrict Some Users to Seeing Their Own Files

Restrict Media Library Access is probably the simplest solution to privacy issues.

If you install this plugin, it immediately changes the permissions for anyone who is not an “Editor” or “Administrator”.

In practice, this means that UpStream Clients, Users and Managers will no longer have access to the full media library. Instead, after installing Restrict Media Library Access, this is what you’ll see after logging in. They’ll see the message, “No items found”.

All of the Administrators and Editors on your site will still get unrestricted access to everything in the Media Library.

Restrict Media Library Access is not a complex or flexible plugin, but it does the job.

If you want to go a step further, then “Frontier Restrict Media” will restrict all the users on the site to viewing their own files. Frontier Restrict Media will only allow full media access to user with the “edit_others_posts” permission. That includes these roles:

  • Administrator
  • Editor
  • UpStream Manager

Customizing the Media Library Permissions

It is possible to customize the basic Media Library permissions.

We recommend the Members plugin for customizing UpStream permissions.

If you have “Members” and also “Frontier Restrict Media” installed, you can use them together to customize Media Library access.

Here’s how to give full Media Library access to more users.

  • In your WordPress admin menu, go to Users > Roles.
  • Click “Edit” next to UpStream User

  • Click “Posts” in the sidebar.
  • Check the “Edit Others’ Posts” box.
  • Click “Save”.
  • The UpStream User role will now have full access to the Media Library.

Edit Others Posts role in WordPress

Where is the Media Library Used in UpStream?

So where can you access the Media Library in UpStream? In can access it via “Add Media” buttons that you’ll find in lots of areas of your UpStream projects.

In the admin area you’ll see the “Add Media” button next to all large text areas including “Notes”.

On the front-end you’ll also see “Add Media” buttons next to text areas if you’re using the Frontend Edit extension.

If you’re using the Custom Fields extension, you’ll be able to use the Media Manager with the “File Upload” field type.

Finally, if you want stop people from browsing your Media Library, learn how to protect image and file uploads in WordPress.


Do you have any other restrictions you’d like to see on the WordPress Media Library?

Leave us a comment below and we’ll do our best to help.

This Post Has 2 Comments
  1. One issue many have noticed with this type of solution is that the media library does is, indeed, restricted by user, but if a logged in user the direct URL of another users file, it is possible to download it still. I have not been able to figure out how to work around this, unfortunately.

Leave a Reply

Your email address will not be published. Required fields are marked *