Password Protecting PDFs on Course Blogs

This is a quick note to myself, so I remember the best way to protect PDFs behind a password on a course blog. Joe Ugoretz highlights the problems with most methods, and then proposes the solution I’m using here: Ben Balter’s WP Document Revisions plugin. There are a few tricks involved to get WP Document Revisions up and running on a WordPress multisite installation. Here’s what works for me:

  1. Install WP Documents Revisions but do not network activate it.
  2. Install the Remove Date from Permalinks plugin on the network, but do not activate it.
  3. Install and network activate the WP Document Revisions Network Administration plugin. (Install by uploading network-admin.php into your plugins folder.)
  4. Change the WordPress network settings (Network Admin > Settings > Network Settings) so that the documents are uploaded to a folder outside of public_html. This prevents search engines from finding and indexing your PDFs, which is what will happen if you just use WordPress’s native password-protecting.
  5. On the individual course blogs, activate WP Document Revisions and the Remove Date plugins. Now you can upload PDFs and password protect them, using the “Visibility” setting under the Publish box on the right side of the screen. The Remove Date plugins will shorten the URL for the documents by removing the month and day from the permalink. I don’t think this is merely cosmetic; the PDFs will have a URL that exists apart from any date information. You will thus avoid that defining feature of most blogs, the tyranny of the calendar.