Groups File Access

File downloads for authorized users

Groups File Access is a WordPress plugin that allows to provide file download links for authorized users. Access to files is restricted to users by their group membership.

  • Provide file downloads for Premium Members.
  • Allow registered users to download files from your site.


  • Restrict access to downloads to authorized user groups
  • Full multisite support (WordPress network installations)
  • File management area
  • Upload files via FTP and bulk import
  • File access notifications (customizable)
  • Flexible shortcodes: [groups_can_access_file], [groups_can_not_access_file], [groups_file_info], [groups_file_url], [groups_file_link], [groups_file_visibility], [groups_file_access_service_key]
  • Limited or unlimited number of downloads per user
  • Key authentication file access

Access to files is restricted by group membership. To be able to download a file, a user must be a member of a group that is assigned to the file. If an access limit has been set for the file, the user must also have accessed (downloaded) the file fewer times than the file’s access limit.

If you want to restrict access to a file to users that belong to a certain group, create the group, add the desired users to the group and assign the group to the files that the group should be able to access. More than one group can be assigned to a file.

Shortcodes are used on posts or pages to render links to files, provide information about files and conditionally show content to users depending on whether they are allowed to access a file.

For example, the [groups_file_link group="Premium"] shortcode renders links to files that members of the Premium group can click to download the files.


See the Groups File Access product page.

The GFA PDF Viewer is a free integration with PDF Viewer.


See the Groups File Access documentation pages.


Please visit the Demo site.

823 Responses to Groups File Access

  1. Dwight August 18, 2022 at 3:50 am #

    I am testing the Notification for file downloads. This is not exactly what I want, but would allow me to understand how many of our users are downloading files.

    However when I enter break html tags in the “Notification email message” (body) they are removed when I save the configuration. Is this working for anyone?


  2. Rodrigo April 1, 2022 at 10:10 am #

    Hi, I purchased Groups File Access years ago in code canyon. I want to know if there is any chance to modify the plugin to accept a dropbox link to a file instead of a server file. I will purchase it again if this option could be available or you can send me how to do it with your code.

    Thanks in advance

    • Kento April 4, 2022 at 1:07 pm #

      Hi Rodrigo,

      For links, such as those pointing to a file on Dropbox, a simple way would be to use a block or shortcode to protect it. You could use the Groups Member block or the [groups_member] shortcode to place the link inside and limit access to group members.

      This would thus be handled by Groups itself, not by the extension. You could still use the extension to protect files that reside on the server and use the above ways for the Dropbox links.


      • Rodrigo April 7, 2022 at 8:42 am #

        Hi Kento,

        Thanks a lot for the reply. That sounds like a good solution, the only thing I’m missing is I would like to restrict to one access to file, so this is not available on the blocks and shortcode workaround as far as I know.

        • Kento April 7, 2022 at 9:17 am #

          I think the closest you can get to this with Dropbox would be to set those links to expire (they seem to offer that option as Shared link controls under their Business pricing plans). It doesn’t let you control the number of accesses, but it would let you set an expiration date on links.

          Another option based on expiration would be to use our Groups Drip Content extension, its Shortcodes provide a way to reveal their protected content for a certain period.

          Another way would be to implement your own shortcode, you can find an example of how to implement a shortcode for Groups with groups-cmember which is derived from the [groups_member] shortcode provided by Groups.

  3. AbigailM November 15, 2021 at 6:27 am #


    I have Groups File Access 1.9.0 and a message in the wordpress dashboard that an update is available — but the link to “View version 2.0.0 details” says “Plugin not Found” — and the plugin is no longer available at Envato (which is where I purchased it).

    So my question is how to update? And is the update compatible fully compatible with the previous version?

    • Kento November 15, 2021 at 9:12 pm #

      Hi Abigail,

      If you purchased it on CodeCanyon recently and it is still eligible for a refund, then please request a refund for it and then just place a new order here Groups File Access.


      • AbigailM November 15, 2021 at 9:26 pm #

        No, I purchased this several years ago. I want to know what my update options are going forward.

        • Kento November 15, 2021 at 9:33 pm #

          In that case I would suggest to place an order with us directly here Groups File Access. We have decided to wind down all products that were available on the marketplace as the sales model was unsustainable. The cost of maintaining the products, continuously improving them and making sure that they are compatible with the latest technology, simply outweighed the single payment to get access to them by far. So to guarantee that we can continue with our commitment to provide quality products, we make them available in those cases where it makes sense in our Shop.

          • AbigailM November 15, 2021 at 11:17 pm #

            Thank you, but I still don’t have an answer to my question: ” how to update? And is the update compatible fully compatible with the previous version?”

            If I purchase the plugin from your site and download the zip file, is it FULLY COMPATIBLE with the earlier version, and can I simply update using the WordPress utilities for plugin updates. (Or will I have to uninstall & reinstall)

            If I buy the plugin from your site, will that include future updates? If so, for how long? (for example, 1 year? 6 months?) Will there be an option for automatic updates, or will I have to update manually each time?

            • Kento November 16, 2021 at 12:15 am #

              Thanks Abigail, for license updates and support details please see Terms & Conditions (TL;DR you get a year as of purchase). Yes it’s going to be fully compatible so you could simply update. The new version supports automatic updates via our updater, when you have the new version installed, it will instruct you what to do.

          • AbigailM November 15, 2021 at 11:19 pm #

            Also, is there a place where I can see the change log between version 1.9.0 and 2.0.0 ?

            • Kento November 16, 2021 at 12:15 am #

              From the changelog for the new release:

              * WordPress 5.9 compatible.
              * Requires at least WordPress 5.5.
              * Fully revised edition including enhancements.
              * Fixed output rendering in administrative sections which included undesired slashes in some cases for group names.
              * Fixed output rendering in exports and scans which included undesired slashes in some cases for group names.
              * Full code and code documentation review including validation fixes and improvements.
              * Revised the file server and made it more resilient to potential undesired output produced while trying to attend a file request.
              * Added the option to specify an alternative notification email instead of the site administrator’s email for file access notifications.
              * Revised and improved the MIME type recognition.
              * Translation template updated.
              * Updated the extension’s database schema adding creation and update timestamps.
              * Added support for automatic updates, exclusive to valid account memberships on via Itthinx Updates.
              * Revised several administrative user interfaces.
              * Revised and enhanced the Files overview.
              * Added columns to the Files overview showing when entries were created or updated, with added support to sort by those criteria.

      • Rodd Kennedy November 15, 2021 at 9:29 pm #

        Related question to AbigailM:

        I got mine from Code Canyon in February with a year of support.

        I have Itthinx Updates installed and configured. Will that year of support still be honored?

        If so, when does the plugin do its updates?

        • Kento November 16, 2021 at 12:11 am #

          Hi Rodd,

          Yes, we do provide support within the terms of your purchase. There will be no further updates via CodeCanyon, but you can still access the last version released there. If you would like to support the continued development of the new version, we would of course appreciate it if you would update by getting the new license directly here Groups File Access that would include access to updates and support for a year as of the date of your purchase.


  4. Giulia Boiocchi October 11, 2021 at 1:28 pm #

    Hi! I have the basic version Groups plugin, I’m trying to figure out which extension is right for me. I should make sure that users in a group can only edit posts in their group. Thank you

    • Kento October 11, 2021 at 3:17 pm #

      Hi Giulia,

      Thanks for using Groups – for details on its functions please refer to its documentation – regarding your particular question on restricting edit access, the plugin does not offer edit restrictions although we are working on a more detailed access restriction model which can provide that kind of capability in the future.


  5. Rodd July 13, 2021 at 10:21 pm #

    feature request for shortcode: groups_file_info
    under show – add a ‘lastupdated’ attribute that shows when the file was last modified

    • Kento August 9, 2021 at 10:56 am #

      Hi Rodd,

      I think that’s a good idea, thanks for suggesting it. We’ll add this!


  6. Jeff June 28, 2021 at 8:17 pm #


    We recently purchased group file access to see if it will fit what we’re doing for our new website and so far it’s been going pretty well.

    What we wanted to know is if it’s possible to edit the paths for the files that are being stored, for example instead of ‘/code/wp-content/uploads/groups-file-access’ we wanted to place files in ‘/code/wp-content/uploads/groups-file-access/0001’ or ‘/code/wp-content/uploads/groups-file-access/0002’ and use these different folders for each customer to separate .zip files with the same name.

    We want to do this because the way we package our software for our customers is each .zip will have the same name but the contents will be different. But the issue we’re running into is we can’t seem to upload .zip files with the same name using the add file function as it gives an error saying we can’t upload a file with the same name. So is there any way we can work around this using the addon?

    • Kento July 1, 2021 at 12:40 pm #

      Hi Jeff,

      I think that the easiest approach would be to allow to add files with the same name via an upload option. When stored, they would have to be renamed automatically so they don’t clash with the existing ones.

      Regarding protected folders, those would be great to have. See my comment on a similar recent question – there seems to be increasing interest in that and I would agree that it makes a lot of sense to have.


      • Kento July 1, 2021 at 12:44 pm #

        I forgot to say, the option I mention would have to be added yet and we’re taking note to add it. Meanwhile, you would have to rename the files, e.g. you could maintain the base and append something that makes it unique e.g. “…-1.ext”, “…-2.ext”.

  7. Gerd June 24, 2021 at 9:03 am #


    we are interested in the Extenson “Groups File Access”:

    From the information we have read on your site, this looks like the right extension
    for us. However, the specifications for our website are a bit complicated, and we may
    find after a few days that it’s not what we are looking for.

    Is there something like a (30-day)-money-back-guarantee when we purchase this


    • Kento June 24, 2021 at 12:38 pm #

      Hi Gerd,

      Thanks for your interest in the extension. As this is sold via CodeCanyon, I would advise to review the Customer Refund Policy. As far as we are concerned, we would grant you a refund if you have found out that it’s not suitable for your purposes within a reasonable amount of time.

      I would also recommend to contrast your requirements against the extension’s documentation. If you have very specific requirements that are not covered by its features, it would not be advisable to use it.


      • Gerd June 24, 2021 at 1:22 pm #


        so…whenever we’d like to return the item would be in the cases of
        “The item did not meet your expectations”
        “You bought an item by mistake”

        CodeCanyon says they don’t have to apply money-back in these cases.

        But you say “we would grant you a refund if you have found out that it’s not suitable for your purposes within a reasonable amount of time.”

        So, does this mean that CodeCanyon willnot return money, but you would?

        I believe that this extension meets our requirements, but they keep on changing , so there is a slight chance that it might just be the wrong choice 🙂


        • Kento June 24, 2021 at 3:27 pm #

          Hi Gerd,

          For this the sales are handled via the marketplace, as are potential refunds. We would simply approve it and it would be handled by the marketplace.


          • Gerd June 25, 2021 at 6:57 am #

            Thanks you for your answer…but what does it mean?

            Would we get a refund in the cases of
            “The item did not meet your expectations”
            “You bought an item by mistake”
            or not?


            • Kento June 28, 2021 at 12:43 pm #

              Hi Gerd, it means that we adhere to the marketplace rules as per the Envato Market Refund Rules and when a valid refund request is submitted, it will be honored as per the rules. I have already explained the cases you refer to in my previous replies, it’s very simple.

              • Gerd June 29, 2021 at 11:27 am #

                I am sorry to say that it’s not so simple to me…this is why I ask. I received 3 different answers from you.

                In your first answer you wrote “As far as we are concerned, we would grant you a refund if you have found out that it’s not suitable for your purposes within a reasonable amount of time.”
                This to me means “YES, there will be a refund.”

                Your second answer said “the sales are handled via the marketplace, as are potential refunds. We would simply approve it and it would be handled by the marketplace.”
                This to me means “MAYBE…we will say yes but the Marketplace decides in the end”

                Your third answer said “Please see the Envato Market Refund Rules”, and there it says “Neither Envato nor authors are obliged to give policy refunds in any of the situations listed below: … The item did not meet your expectations”
                This to me means “NO, there will be no refund”

                Can you clarify and tell me which answer is the right one in my case…YES, MAYBE or NO ?


                • Kento June 29, 2021 at 10:38 pm #

                  No, the replies are not different, they clarify. You should take your decision based on the information provided. We adhere by the marketplace rules and are very reasonable about how we handle refund requests. If this is not clear enough to you, I would advise not to purchase.

                  • tim June 30, 2021 at 8:44 am #

                    This thread about risking $29 has gone on quite a long time now. We’re all getting notifications for every reply 🙂 Hope you make a decision soon lol.

                    • Kento June 30, 2021 at 9:06 am #


  8. Claudia Sanders June 21, 2021 at 10:40 am #

    I´m just wondering if there is a chance not only to protect single files but even a whole folder? I have tried to upload a folder, but groups gave me an error report. Thank you for your answer 🙂

    • Kento June 21, 2021 at 5:40 pm #

      Hi Claudia,

      Thanks for mentioning this, it would make things a lot easier if you want to maintain folders and lots of files in them.

      Currently the extension is only designed to protect individual files, so a direct solution for you would be to zip the folders that contain the files instead. You can then upload the zipped folders and let users download those.

      We will take note of your suggestion, it has been asked for before. The reason we haven’t added such a feature yet is because it has technical complications that require a substantial redesign and development effort.


  9. brandon ames June 9, 2021 at 10:30 pm #

    Getting the following: An error occurred while updating Groups File Access: Before you can receive product updates, you must first authenticate your Elegant Themes subscription. To do this, you need to enter both your Elegant Themes Username and your Elegant Themes API Key into the Updates Tab in your theme and plugin settings. To locate your API Key, log in to your Elegant Themes account and navigate to the Account > API Key page. Learn more here. If you still get this message, please make sure that your Username and API Key have been entered correctly

    I have verified and re-updated username and api key. Please let me know what other options and if there is a better place for support.

    • Kento June 11, 2021 at 8:49 am #

      Hi Brandon,

      You are trying to use an updater which is not related to Groups File Access.

      To update Groups File Access, please follow the process documented here – you simply upload the new version and confirm to WordPress that you want to replace the previous version.


  10. Enrique April 29, 2021 at 11:12 pm #

    I’ve just purchased the product at codecanyon and have a question.

    Links work great, but although the files directory is htaccess restricted, the real file url itself is still accessible by anyone even loggedout users. Which means that anyone that has already downloaded the file once, can easily guess that real URL just by appending it’s name to the directory path and share it with anyone 🙁

    So… is there a way to rename the user downloaded file? This way the downloaded file and the server hosted one wouldn’t share the same name making it much harder or impossible to guess the real URL.

    Thanks in advance!

    PS: Do u have a more private way for support?

    • Kento May 6, 2021 at 2:03 pm #

      Hi Enrique,

      Thanks for using the system! You mention that your files are still accessible, but files that are protected by the plugin won’t be. Maybe you’re confusing “normal” files uploaded via the Media section with those handled by the plugin? I’d advise to review the documentation of the extension and make sure that you understand the difference.


      • Enrique May 6, 2021 at 5:08 pm #

        Hi Kento,

        I know the difference between those two 😉

        The files uploaded with your plugin are only protected when u access from the generated custom link, but when u access from the real URL of the file (eg: u have no access restrictions at all…

        Your plugin’s upload folder URL itself ( it is protected, but not the files inside it.

        So anybody who knows your plugin, knows your plugin’s upload folder URL, so once they have downloaded the file from their generated custom link, they just have to append the file name to that folder URL and they gain unlimited access and can share it with anyone 🙁

        U could rename the file downloaded to something different so the user couldn’t guess the real URL, or u could even generate a custom folder name for every installation of the plugin, so my folder URL wouln’t be the same as the rest of the world.


        PS: How come u don’t have a proper support system for a paid plugin? I don’t think a public comment is the right way for sharing sensitive info about your plugin as we’re doing right now… Also, it is really hard to follow up “support tickets” when the only way u have to find it is scrolling through a long comment list…

        • Kento May 8, 2021 at 11:22 am #

          Hi Enrique,

          > Your plugin’s upload folder URL itself ( it is protected, but not the files inside it.

          No, this is incorrect. You should check whether you need to take additional steps to make sure that on your server the files are effectively protected. This is on documented File Access – note that if you are using nginx you must update its configuration file as documented there.


          • Enrique May 8, 2021 at 3:46 pm #


            I didn’t know about that, but I’m glad u thought obout it and documented it 😉

            Since nginx is really common, I think it would be a great idea to mention that at the plugin description before purchasing it because without that in place the plugin out of the box is pretty unsecure.

            I think is really easy to setup a ticketing system, u are devs, come on… I really think this comment way of managing our issues for a paid support is really lazy.


            • Kento May 13, 2021 at 11:39 am #

              Hi Enrique,

              We always encourage to review the documentation for any of our tools. In cases where access-sensitive resources are involved, the server administrator should certainly make sure that the environment and tools used are an appropriate fit. We’re certainly here to help and advise on the usage of our tools


  11. MRk February 13, 2021 at 4:43 pm #


    Can notifications be sent to all with file permission when a file is updated? Can permissions be set to allow uploads and disallow deleting by users?

    Many thanks

    • Kento February 16, 2021 at 12:20 am #

      Hi, at current this wouldn’t be possible. Cheers

  12. Andrew Schmitt January 5, 2021 at 9:05 pm #

    Hi, long time user of GFA. We’ve had a few cases of users downloading MS Office 365 files (.pptx, .xlsx) and having them show up as .zip files. We’ve identified the problem – Groups File Access is classifying these as MIME type .zip. Our .pdf file uploads are correctly identified as MIME Type: application/pdf

    The .pptx files are indeed .zip binaries, so rather than the extension being used for MIME classification on upload, something is snooping the file and overriding the choice. Looking back at years of uploads, all of our .ppt and .xlsx files are classified as MIME Type: application/zip, so this isn’t a recent change, only something we’ve discovered recently.

    How does GFA do MIME classification? Does it use the WordPress lookup table or do its own classification? Or is it something unique about our setup that is causing files to be improperly classified?

    • Kento January 9, 2021 at 7:18 pm #

      Hi Andrew,

      Thanks for using our software, I’m always happy to hear from users who have been with us for a while!

      From what I see, yes, these are indeed zipped XML files and a browser would correctly identify them as a zip file. But when downloaded, they would be served as is – I’ve done a quick test with an Excel .xlsx file and in this case using Firefox says You have chosen to open: test.xlsx which is: ZIP file (5.1 KB) … downloaded it and got the test.xlsx in my Downloads folder.

      The MIME type is likely not known to your server, you would have to add the proper MIME types in your server’s configuration, for example as explained in Properly configuring server MIME types.


      • Andrew Schmitt January 13, 2021 at 10:57 pm #

        Thank you for the reply. If I upload the .xlsx file via the WordPress Media Library, the file type is correct. It’s only when I use the plugin that it is being identified as a .zip. The server appears to be classifying it correctly and WPEngine support indicated xlsx recognition is built into core wordpress.

        The issue is some users who use Firefox end up with a zipped file in the directory rather than an .xlsx. Is there some way for your plugin to just use WordPress classification rather than trying to do it on its own?

        • Kento January 15, 2021 at 5:22 pm #

          Hi Andrew,

          Ok thanks for checking that. I thought that it would only rely on those being set properly but I might be wrong. We’ll check things on our side with the extension to see if there’s anything we’re missing. If yes, then we will of course issue an update.


          • Andrew Schmitt January 15, 2021 at 6:16 pm #

            Thank you!

  13. Anna December 8, 2020 at 10:24 am #

    Hi – Used your plugins for years and it works always fine. Now WordPress got updated to latest version and the code [groups_file_link group="NAME" description="yes" order="desc"] doesn’t work. It is just visible on the page itself like that. I updated the plugins but without luck.

    Any ideas?

    • Kento December 8, 2020 at 10:45 am #

      Hi Anna,

      Thanks for using our software! The extension works fine with the latest version, so that would not be the issue. You either got yourself the plugin deactivated, thus the shortcode would not be processed, or there is something else on your setup that is messing with how page content is processed.


      • Anna December 8, 2020 at 11:38 am #

        Hi Kento,
        Thanks for responding so fast.
        But both Groups and Groups File Access plugins are Active in the Plugins section.

        But there is a note on the welcome screen in WP saying:
        WordPress has detected that your site is running on an insecure version of PHP.
        Can that be a reason?

        • Kento December 11, 2020 at 11:25 pm #

          Hey Anna, I seem to have missed this comment … no, that would not be an issue at this stage.

      • Anna December 10, 2020 at 2:48 pm #

        Hi Kento,
        Thanks for responding so fast.
        But both Groups and Groups File Access plugins are Active in the Plugins section.

        PHP has also been upgraded. So what can possibly be the reason?
        I’m a bit afraid of trying things out – f.e. if I uninstall the plugin and install it again, do my files and users stay there? It’s lots of files after all those years, since 2014!!


        • Kento December 10, 2020 at 9:39 pm #

          Hi Anna,

          You’re very welcome! If both are active and the shortcode is not being processed, then I would say it’s definitely an issue caused either by your theme, customizations or another plugin. I would recommend to check what else has changed on your site and you should be able to trace it back to that. Also you could try enabling debugging to see if there are any errors coming up in the debug.log.


          • Anna December 11, 2020 at 9:37 am #

            Hi Kento,
            I turned off the other plugins, didn’t change!
            I checked the versions of Groups which is 2.11.1 and Groups File Access which is 1.0.13 on this web. Is that maybe it, when I start digging I saw the latest version of Groups File Access is now 1.7.0 – so this plugin probably didn’t update to that version! Is it ok if I manually update Groups File Access? I’m a bit nervous doing that due to all the files managed via this plugin.
            So looking forward to hear from you.

            • Kento December 11, 2020 at 11:24 pm #

              Hi Anna,

              Yes I would certainly recommend to update to the latest version, just make sure to create a full backup of your site and database as good common practice. With the latest versions of WordPress, you can simply download the latest plugin zip file and go to Plugins > Add New > Upload and update the plugin without having to deactive or remove the older version. Please make sure that you don’t have any of the “delete data” options enabled in Groups or the extension before you do this, just out of precaution.


  14. David S October 23, 2020 at 5:26 pm #

    I need help with WP MULTISITES and Groups/Groups File Access.

    I am using Groups and Groups File Access with a multisite to limit pages and files so they are only available to users that are logged in to a particular sub-site, at two different permission levels.

    The multisite is for different condo properties. The issue is that WP gangs all users together so I was going to make two different capabilities for each property with “resident” and “board” and two groups of the same types and then assign the groups to pages & files. I would name each with a prefix of the community so users cannot access other communities (ex: wsb_res and wsb_board, acg_res and acg_board). When I create a user, I would assign what community and permission that user has by assigning the group.

    MY BIG PROBLEM: I just realized that you are using the IDs of the categories and groups and not the names. Since each WP sub-site has its own Groups table, the IDs are being reused so a user from one site can now log into another site and access pages & files – even with different group/category names.

    How can I: 1) Maintain a single groups table for all sites, or 2) Specify the ID number so I can ensure each entry is different? Or do you have a different solution?

    I need each sub-site to have two unique groups so a user can only access restricted pages & files on their own single site. Even if WP lets them log in elsewhere, they won’t have access to restricted content.


    • Kento October 23, 2020 at 9:04 pm #

      Hi David,

      In a recent release we introduced the groups_get_table_prefix filter which you can use to have it refer to a single set of tables instead of using different ones per multisite. I guess that this would allow you to approach it easily.


      • David S October 23, 2020 at 9:18 pm #


        Thank you for your reply. I’ve looked through the docs but I am not seeing any information on groups_get_table_prefix. How would I implement this?

        Would it allow me to use a single Groups table for all pages and files, like only the master site one?


        • Kento November 1, 2020 at 8:26 pm #

          Hi David,

          I would rather recommend to have a look in the code itself where the filter is used. From there it’s pretty obvious – if you are not familiar with the use of WordPress Filters, you should definitely get help from a qualified developer as the implications can be deep.

          Regarding your question, the answer is no, there are several tables involved that Groups creates and uses. The difference would be that it can use one set for all sites instead of one set per site.


      • Dave S October 29, 2020 at 12:08 pm #


        I *REALLY* need your help. I have a sub-site ready to go and am getting calls daily on when users can log in but I’m stuck on the fact that Groups uses separate tables for each sub-site but the ID cannot be the same.

        This one site has 176 users with two possible permission levels so I have to add 352 entries. With the current system, I’d have to add 352 dummy entries to every table to hold just this one site’s places so the IDs are unique! The second site will require these 352 plus its own users, and so on. I’ll be in the thousands of entries for each table with just a few sites.

        You mentioned the groups_get_table_prefix and it sounds like it will enable me to use a single table which would solve this issue. I really need some direction on how to implement this *ASAP*. Please, please, please. Users are wondering why they can’t log in to their new site and what is taking me so long, and this is the only reason. The site is (edited as per your request).

        Thanks in advance for your understanding and assistance.


        • Kento November 1, 2020 at 8:36 pm #

          Hi Dave,

          I’ve replied to an earlier comment of yours here. Reading your additional comment here, you would definitely benefit from seeking help from a qualified developer who is familiar with how actions and filters work within WordPress.


  15. Milesg October 20, 2020 at 5:23 pm #

    Hi, is there a shortcode or other easy way to output all the files – only showing those the current user has access to?

    • Kento October 22, 2020 at 3:25 pm #


      Yes indeed there is, as documented here, you can use [groups_file_link group="*"].


  16. Julian October 15, 2020 at 2:35 pm #

    Where can I find old versions please?

    We have this plugin on our site, however a developer who no longer works with us customised it for some specific requirements. He didn’t use git very well, so we are faced with a problem with upgrading the plugin – we can’t cleanly see what is custom and will need to be repeated.

    If I could get hold of clean versions from 1.6.3 onwards I could build up a change history in git and diff against his mods – this would then allow us to keep upgrading and re-apply our changes each time.

    I logged in to Envato but that only has the latest version.

    Any suggestions please?

    • Kento October 17, 2020 at 12:27 pm #

      Hi Julian,

      Thanks for using our tools! We do not provide old versions and I would suggest to avoid any modifications to the extension itself and rather do any customizations outside of it where possible. But if you need to figure out where your previous developer has made changes, you could start by doing a $ diff -r -q your-version-folder current-version-folder to see which files have been modified and then dig into them deeper. Again, hacking the extension itself and maintaining it in that way is not something I can recommend, it would at least require a very disciplined approach to be able to maintain it, which your previous developer obviously didn’t apply. Try to put any customizations outside of the extension and use existing filter and action hooks instead. If you discover that you need any additional action or filter hooks, feel free to suggest them and we’d be happy to take your suggestions into account.


  17. Rodd August 17, 2020 at 9:37 pm #

    I have what I am considering a bug. I installed groups and it works pretty well for managing parents.

    I paid for File Access and discovered that it doesn’t support parents.

    Can you either fix it, or add an option or a checkbox that allows the system to recognize parents.

    Group A
    – Sub-Group 11
    – Sub-Group 12
    Group B
    – Sub-Group 21
    – Sub-Group 22

    If I assign Group A to a file, I would expect Sub-Groups 11 and 12 to automatically gain access.

    • Kento September 21, 2020 at 11:45 am #

      Hi Rodd,

      Thanks for your feedback on this. I think that it would be interesting to have the option but not necessarily make it as the default.


  18. Tim H August 13, 2020 at 3:16 pm #

    When a visitor tried to download a file that is protected by Groups (Files add-on) they get a page that says “Forbidden. You don’t have permission to access this resource on this server.”

    Is there a way to change this message to something less frightening to users, or preferably redirect the user to another page explaining what went wrong.

    • Kento August 14, 2020 at 1:59 pm #

      Hi Tim,

      You could customize the error responses that your server issues and set up redirects, see Custom Error Responses from the Apache documentation for example.


      • Timothy Houghton August 17, 2020 at 8:54 am #

        Hi Kento,

        Thanks for the reply but unfortunately it doesn’t appear to do anything.

        I’ve put:
        ErrorDocument 403 ‘Test message.’
        into the root htaccess file, but the message from Groups File add-on doesn’t change.

        • Timothy Houghton August 17, 2020 at 8:56 am #

          The above quotes were formatted by the comment system. I’ve tried :

          ErrorDocument 403 “Sorry, our script crashed. Oh dear”
          ErrorDocument 403 “Test message.”
          ErrorDocument 403 /403.php

          None of them do anything. If I try and access a Group Files add-on file, I still get the same “Forbidden, You don’t have permission to access this resource on this server.” message.

        • Kento September 21, 2020 at 1:58 pm #

          Hi Timothy,

          For questions related to configuring Apache I would recommend to ask for help on more specific sites such as for example, as we can’t really go into everybody’s configuration.


      • Timothy Houghton August 17, 2020 at 9:51 am #

        By the way, the error message I’m getting now (from Groups / Files add-on) is this: “You don’t have permission to access this resource on this server”. When I google this exact phrase the only results are from Groups plugin. Are you sure this isn’t already a custom error document? I don’t seem to be able to override it with Apache ErrorDocument directives.

        • Kento September 21, 2020 at 2:03 pm #

          Hi Timothy,

          This message is not produced by Groups File Access nor Groups, but by the Apache server. If you changed your configuration, remember that you should restart Apache so it reflects the changes – edit : looks like I got confused here for a moment, let me revise it and follow up.


      • Timothy Houghton August 17, 2020 at 9:56 am #

        … I’ve found this in class-groups-file-access.php:

        if ( $code !== null ) {
        switch ( $code ) {
        case 403 :
        $title = ‘403 Forbidden’;
        $heading = ‘Forbidden’;
        $message = ‘You don\’t have permission to access this resource on this server.’;
        case 404 :
        $title = ‘404 Not Found’;
        $heading = ‘Not Found’;
        $message = ‘The requested URL was not found on this server.’;

        • Kento September 21, 2020 at 2:12 pm #

          Ok thanks for pointing me to those, I was convinced that the plugin didn’t produce them and was obviously wrong! I think we can simply add a couple of filters so one can customize the output. We’ll prepare an update to include them, thanks for your patience and for digging into it!

  19. Pat August 2, 2020 at 6:22 pm #

    Are the member-protected files (such as PDFs) handled as WordPress posts? We are evaluating this plugin for a project that will restrict a large number of PDFs to various groups, and the PDFs need to be included in the site’s search results. I usually use the premium version of the Relevanssi search plugin for this, but it will only index WordPress posts (including the “attachment” post type).

    Per Relevanssi’s website, “Since Relevanssi is a WordPress search, Relevanssi operates on WordPress posts (including all the different post types). So, in order to have Relevanssi index your PDFs, they need to be WordPress posts. That’s fortunately really simple: just upload your PDF files to the Media library, and they become posts with the post type of attachment.”

    We have purchased and installed the Groups File Access plugin for testing, and I’m noticing (using default WordPress search) that terms in the PDF title and descriptions are not appearing in search results. Is there a method for including the protected files in the WordPress search results?

    • Kento August 5, 2020 at 2:01 pm #

      Hi Pat,

      Thanks for using the extension!

      > Are the member-protected files (such as PDFs) handled as WordPress posts?
      No, they are held protected as the original files.

      > “… just upload your PDF files to the Media library, and they become posts with the post type of attachment.”
      When you upload a PDF to the media library, a post of type attachment is created which hold a link to the PDF, but that doesn’t imply that the whole PDF “becomes” an attachment post which would reflect the full content of the PDF. It will usually hold its title and link to the uploaded PDF. Whether the search plugin will handle the contents of the attachment and consider them for searches or not I don’t know. Keep in mind that even if you protect an attachment page with the Groups plugin itself (not Groups File Access), the actual attachment is still unprotected and anyone who knows the URL to the attachment can easily access it directly. Groups File Access contains the files separately (out of the Media Library) and controls access to the files to be able to protect them. See the File Access section in the documentation for details on that.

      > “…that terms in the PDF title and descriptions are not appearing in search results…”
      That’s correct. They are not included because they are not visible to the search unless you make their titles visible by included references or use the extension’s shortcodes to point to them in a post for example. Please have a look at the Shortcodes and Examples sections in the documentation.


  20. Luis Aragao June 19, 2020 at 4:19 pm #

    I am looking for a plugin that allow tracking of downloads from memberships. I need not only to know how many downloads for each file but also which downloads were made by each member. Is this possible with your plugin?

    • Kento June 30, 2020 at 11:33 pm #

      Hi Luis,

      Thanks for asking! At the moment, the extension does not provide details on downloads per user.


  21. Angga December 4, 2019 at 9:29 am #

    first I bought this plugin for the URL But why isn’t it working now? Please help me.

    • Kento December 4, 2019 at 10:33 am #

      Hi Angga,

      What exactly doesn’t seem to be working on your site?


      • Angga December 9, 2019 at 7:40 am #

        I can’t upload files and on the bottom of admin page it says “Copyright itthinx – This plugin is provided subject to the license granted. Unauthorized use and distribution is prohibited.”

        • Kento December 10, 2019 at 1:24 pm #

          Sure, simply follow the instructions as documented in the Files section of the documentation.

  22. Foxglove November 17, 2019 at 8:10 pm #

    I am unable to open any documents listed in Groups File access. The wp-content/uploads/groups-file-access folder has an empty index.html and a .htaccess file with “deny from all”. All the files are in the same group, and multiple users who belong to that group, including the admin, cannot access any of the files. The message from Chrom (Win 10) is “No webpage was found for the web address:“. Firefox just gives a blank page.

    Running Groups Version 2.8.0, Groups File Access Version 1.6.4

    This same question was asked on 11/13, 4 days ago, on I can’t figure out how to get an account so I can add to that thread.

    • Kento November 19, 2019 at 1:14 pm #


      I would recommend to review if your server tries to apply any rewrite rules or redirects such requests instead of letting them through so the system can handle them. You might also have a conflicting plugin which removes parameters or interferes with the requests. Another issue could be related to caching, especially if you have caching enabled for users who are logged in – that should be disabled for file requests via the gfid URL parameter.

      Also take into account that for nginx, the system requires a rule which is documented here:


      • Foxglove November 26, 2019 at 10:27 pm #

        Turns out the host migrated us to a different server. As a result, all the URLs in Groups Files have the old URL /home1/oranjccr/public_html/…… They need to be /home3/oranjccr/public_html/……

        We have 71 files. Is there any way to make this change without redoing everything?

        • Kento December 2, 2019 at 7:28 am #


          Yes, this can be done in two ways:

          1) Using a direct update query run on the database (as indicated in the lower section of this documentation page Moving to another Server – make sure to create a backup of your site and database before you run the query).


          2) Scan and import files as described in the File Import section.


    • Angga December 4, 2019 at 10:59 am #

      there is a message: :

      Copyright itthinx – This plugin is provided subject to the license granted. Unauthorized use and distribution is prohibited.

      what is the cause ?, I used to buy it

  23. Robert McKay November 14, 2019 at 8:54 pm #

    I have bought the newer version of Groups File Access but have the older version installed. However, the newer version fails to install. So how do I update the Groups File Access plugin?

    • Kento November 15, 2019 at 4:40 pm #

      Hi Robert,

      Simply deactivate and delete the old version. Make sure to do that from your WordPress dashboard under Plugins > Installed Plugins. Then use Plugins > Add New to upload the new version’s zip file and activate it. Detailed steps are on


Leave a Reply

We use cookies to optimize your experience on our site and assume you're OK with that if you stay.
OK, hide this message.

Affiliates · Contact · Jobs · Terms & Conditions · Privacy Policy · Documentation · Downloads · Useful Plugins · My Account