Skip to content

Protected Links for ExpressionEngine - secure & encrypt download links

21 Feb 2011

Protected Links for ExpressionEngine - secure & encrypt download links

This add-on lets you encrypt/secure download links, restrict access to the files and also display some useful statistics. It consists of module and fieldtype.


  • Create highly secure download links
  • Display pre-generated links or generate them ‘on the fly’
  • P&T Matrix support
  • Serve files from local source, URL or from Amazon S3 or RackSpace CloudFiles secure containers
  • Limit file access to certain members/member groups/IP
  • Limit file access based on custom member profile field value
  • Limit number of times file can be downloaded by same user
  • Expire the download link after some time
  • Display file/link donwload statistics
  • Display member download statistics

Find more info in the documentation

For support, please email .(JavaScript must be enabled to view this email address).

Changelog RSS

  • v. 1.0 — 2020-12-04 10:16
    • Initial release
  • v. 1.3 — 2020-12-04 10:16
    • Ability to delete file with all its links
    • NSM Addon Updater support
    • Bug fixes
  • v. 1.4 — 2011-04-09 11:11
    • Fixed bug when the link was changed after CP edit
    • Hotlinking denial option
  • v. 1.4.1 — 2011-04-12 12:48
    • Added {dl_link:total_downloads} tag
    • Datepicker bug fix
    • Local storage bug fix
  • v. 1.4.2 — 2011-05-11 09:51
    • Group access bug fix
  • v. 1.4.3 — 2011-06-07 18:44
    • Bug fix on filtering stats in CP
  • v. 1.4.4 — 2020-12-04 10:16
    • Minor bug fix
  • v. 1.4.5 — 2020-12-04 10:16
    • Bug fix
  • v. 1.4.7 — 2020-12-04 10:16
    • Bug fix
  • v. 1.4.8 — 2020-12-04 10:16
    • Minor bug fix
  • v. 1.5.0 — 2011-09-08 12:01
    • Added 'display inline' parameter
    • Bug fix for guest access for links generated in template
  • v. 1.5.2 — 2011-09-09 19:05
    • Bug fixes
  • v. 1.5.3 — 2020-12-04 10:16
    • Minor bug fixes
  • v. 1.5.4 — 2011-10-11 11:26
    • Bug fix
  • v. 1.6.0 — 2011-11-10 21:03
    • Ability to display all files accessible to user
  • v. 1.6.2 — 2011-12-09 18:52
    • Bug fix
  • v. 1.6.3 — 2020-12-04 10:16
    • Search link by filename in CP
    • Better design for CP
  • v. 1.6.4 — 2020-12-04 10:16
    • Compatibility release for older EE versions
  • v. 1.6.5 — 2020-12-04 10:16
    • ssl="yes" parameter for frontend links generation
  • v. 1.6.6 — 2020-12-04 10:16
    • Update for Amazon S3 library
  • v. 1.6.7 — 2020-12-04 10:16
    • Compatibility release
  • v. 1.6.8 — 2020-12-04 10:16
    • Minor fix
  • v. 1.7.0 — 2020-12-04 10:16
    • Added tag to display list of user's downloads
    • Uploader compatibility fix
  • v. 1.7.1 — 2012-04-07 15:10
    • Fix for whitespaces in local file names
  • v. 1.8.0 — 2012-04-10 19:06
    • Added {description} variable for links
    • More variables available using fieldtype
  • v. 1.8.1 — 2020-12-04 10:16
    • Bug fix for dealing with 302 redirect
  • v. 1.8.2 — 2012-05-08 12:41
    • Fix for compatibility with old EE version (2.2.2 and prior)
  • v. 1.9.0 — 2020-12-04 10:16
    • Support for European S3 endpoint
  • v. 1.9.1 — 2012-06-08 12:33
    • Bug fix
  • v. 1.9.3 — 2020-12-04 10:16
    • More search possibilities in download stats
  • v. 1.9.4 — 2020-12-04 10:16
    • Full support for S3 endpoints
  • v. 1.9.5 — 2020-12-04 10:16
    • Potentional vulnerability fix
  • v. 1.9.6 — 2020-12-04 10:16
    • Added no_results to files tag
  • v. 1.9.7 — 2020-12-04 10:16
    • Fixed limiting number of downloads with IP restriction
  • v. 1.9.8 — 2020-12-04 10:16
    • fixed pagination on Members tab in CP
  • v. 1.9.9 — 2014-04-04 15:54
    • Minor fix
  • v. 2.0.0 — 2014-04-08 13:11
    • Date functions fixed for EE 2.8 compatibility
  • v. 2.0.1 — 2020-12-04 10:16
    • Compatibility fixes for EE 2.8.1
  • v. 2.1.0 — 2014-12-07 09:34
    • search and sorting in CP
    • CloudFront integration
  • v. 2.1.1 — 2015-05-05 09:57
    • EE 2.10 compatibility
  • v. 2.1.2 — 2020-12-04 10:16
    • SSL fix

Licensing & support terms


  1. jose canseco
    jose canseco 21 Feb 2011

    hi! i can help you test it ñ_ñ

  2. Casey
    Casey 28 Apr 2011

    Is there any way to output the full local storage path on the frontend?
    I’m updating the files via phing through SVN and am trying to get the absolute path to display the last modified date and time. thanks.

    • Yuri Salimovskiy's avatar
      Yuri Salimovskiy 29 Apr 2011

      No, it’s not possible to output the “real” path/URL on the frontend. You can however run SQL query to display it.

  3. Storm Design
    Storm Design 05 May 2011

    I have a potential website which requires:

    1. Allow users to register to become a member.
    2. Once logged-in, users can access a directory of password-protected articles, effectively a list of approx 100 additional pages (which will be single-paged, channel entries… each entry/page having its own code/password)
    3. The website needs to track which articles the member has accessed, so they can easily see what articles they have ‘unlocked’ so they re-visit that article without being prompted for code/password, while listing articles that are still ‘locked’.
    4. the password needs to be configurable/editable and not random.

    Is this possible with this add-on? Many thanks.

    • Yuri Salimovskiy's avatar
      Yuri Salimovskiy 05 May 2011

      the module does not generate any username/password combination. You can serve html pages using it, and have stats who visited/downloaded what (backend only for now). But the access will be granted based on member’s profile data (group, custom field etc.) and not based on separate password. Checking whether this is first visit or not is also not possible.
      So while Protected Links will probably satisfy some of your needs, it will not give you the desired setup “out of the box”
      NB You may also want to check Entry access

  4. Kevin
    Kevin 09 May 2011

    How do you make certain that guests are allowed to download? What all checks will it run through after the “allow guest access”? Guests doesn’t show up in “allow access to group”. When I log out of the admin, the link shows up, but it will just go to a white page and not start the download. Any tips? Thanks.

    • Yuri Salimovskiy's avatar
      Yuri Salimovskiy 09 May 2011

      Kevin, if you allow guest access then all other checks are skipped.
      If you get blank page then you probably provided wrong link/path
      Fell free to email me the details if you continue experiencing problems

  5. CDT
    CDT 20 May 2011

    Can you enter the parameters as part of a channel entry, essentially replacing the upload entry? We would upload the document separately, say through the File Manager. We have a situation where we want to provide download capabilities in a secure fashion, to a specific user, of their documents that belong to them and only them. We could enter the parameters in a custom field, set aside for just this purpose… or did the documentation say that, and I just misunderstood?

    • Yuri Salimovskiy's avatar
      Yuri Salimovskiy 20 May 2011

      It is not possible to enter any parameter using channel entry fields. The only thing you can do withing a channel entry is to associate entry with download link using fieldtype.
      In your situation, you can restrict the download based on custom profile field.

  6. Geoff
    Geoff 02 Jun 2011

    I’d really like to use this module, but I can’t figure out how to.  Can you provide an example or two?  I’d really like to use the fieldtype, but when I select Protected Links as the fieldtype, nothing happens.  And when I create a link and try to display it, it does not appear…
    I think examples would be extremely helpful.  Thanks.

    • Yuri Salimovskiy's avatar
      Yuri Salimovskiy 02 Jun 2011

      Geoff, everything should be pretty straightforward. You create a link in Protected Links Control Panel (make sure you set ‘use as custom field value’ to ‘yes’). Create a custom field of ‘Protected Links’ fieldtype (named, say, ‘my_field’). Then, select the filename in dropdown for ‘my_field’. Save the entry. In your template, place an instance of {my_field}. On your pages you should see the download link.
      If you’re still not able to get this work, email .(JavaScript must be enabled to view this email address)

  7. John
    John 02 Jun 2011

    I have a similar situation as an above poster - I want to have a list of links for a user of documents that only belong to them. If I were to use this module, do I need to create channel entries for each document, with corresponding filetype upload, and somehow tag them to a user? Or is there an easier way? Can you expand on the “custom profile field” approach? Thank you. I have read through the documentation and cannot figure it out.

    • Yuri Salimovskiy's avatar
      Yuri Salimovskiy 03 Jun 2011

      Hello John,
      if you’re using Protected Links fieldtype, you can assign multiple links to the channel entry by using the fieldtype for P&T Matrix cell.

      “Custom profile field” approach means that the links are shown (and access granted) only if certain field in member’s profile matches certain value. It is defined for each link individually in module’s control panel.
      So, for example, you have ‘Group of files #1’. In the profile for each member who should have access, define a custom field named ‘Download access’ and give it value ‘Group of files #1’. Then, create link for each file in the group and grant access based on custom field ‘Download access’  having value ‘Group of files #1’. Next, add the links to the entries using fieldtype or to template using tag.

      You may also consider using Protected Links together with Entry access module. But note that it just hides the contents (including links, if any) - the links still need to be secured, if they contain confidential information.

  8. Erich
    Erich 07 Sep 2011

    I’m getting the error “You are not allowed to access this file” even with the parameter guest_access=“yes” included in the tag: {exp:protected_links:generate url='{research_document}’ guest_access=‘yes’ expire_in=‘5 days’ new_link=‘yes’ only_link=‘yes’ content-type=‘application/pdf’ filename=‘doc.pdf’}

    • Erich Quist
      Erich Quist 08 Sep 2011

      I’m getting the error “You are not allowed to access this file” even with the parameter guest_access=“yes” included in the tag: {exp:protected_links:generate url=’{research_document}’ guest_access=‘yes’ expire_in=‘5 days’ new_link=‘yes’ only_link=‘yes’ content-type=‘application/pdf’ filename=‘doc.pdf’}

      Appears this is working correctly, but only if the user is on the page where the link is generated, despite having set the deny_hotlink=”” parameter to no.


    Hello, my name is Yuri and I specialize in creating custom add-ons (plugins, modules, extensions) for ExpressionEngine CMS.
    You can reach me anytime by emailing .(JavaScript must be enabled to view this email address)