Skip to main content

Protecting your WordPress static pages

Vasyl MartyniukRestricted ContentAbout 2 min

Before we delve into the protection process, let's clarify what we mean by "static pages" in WordPress. In this context, a static page refers to a type of page that operates independently of the WordPress core. Unlike typical WordPress pages, static pages are not controlled by WordPress core functionalities. This means that their content is not stored in the WordPress database, and they do not rely on executing WordPress core PHP files to render their content.

A prime example of a static page could be a file named mystaticpage.html, residing in the /wp-content/uploads/pages directory of your WordPress installation. These static pages are standalone and are not governed by WordPress's dynamic page creation and rendering process.

In other words - static pages are HTML pages stored on the server as files.

Protecting static pages

If you have static pages on your WordPress website that you wish to protect, follow these steps to ensure their security:

  • Install and configure the Protected Media Files Add-on. Start by installing and configuring the free Protected Media Filesopen in new window add-on for WordPress. This add-on serves as the foundation for safeguarding your static files and pages. You can find this add-on in the WordPress plugin repository and install it like any other WordPress plugin.

  • Confirm proper redirection and rendering. After installing the Protected Media Files add-on, it's crucial to verify that the redirects are working correctly, and your static pages are rendering as intended. This step ensures that the add-on is functioning correctly and that the protection measures won't disrupt your site's user experience.

  • Restrict direct access with the URL Access service. Once you are confident that the redirects are functioning smoothly and your static pages are being rendered correctly, proceed to restrict direct access to these pages using the URL Access service on the AAM page. Simply copy & page the URL to any static page and select "Deny" option.

URL Access Control For Static Page

Utilize wildcard feature (Premium)

For advanced protection of multiple static pages, consider using the wildcard feature, available exclusively in the premium Complete Package add-on. With this feature, you can create wildcard "Deny" rules to block access to entire groups of static pages.

For example, you can create a rule like /wp-content/uploads/pages/* to deny access to all pages located within the specified folder. This comprehensive protection is ideal for websites with extensive static content libraries.


Protecting your WordPress static pages is essential to maintain the integrity and confidentiality of your content. By understanding what static pages are in WordPress and following the step-by-step guide outlined in this article, you can fortify your website against unauthorized access and ensure that your valuable content remains secure. Whether you opt for the free Protected Media Files add-on or invest in the premium Complete Package, safeguarding your static pages is a proactive measure that contributes to a more secure and reliable WordPress website.