How to use WordPress to provide Confidential Documents

Leveraging the right Tools to provide Stakeholders with Access to Confidential Documents and Digital Assets

Showcasing project reports on your website for stakeholders to view, is one of the best ways to demonstrate your ability to attain project goals and objectives.

However, in many cases, you want to protect your original content, digital assets, ideas, inventions, and intellectual work. As such, you would not want other organizations or people to exploit and take advantage of your reports. 

Hence, restricting unwanted users from accessing and downloading your report files becomes a must.

With Groups and Groups File Access this feat can be approached easily, as these tools allow you to restrict and manage access to files based on group memberships.

In this guide, we explore how an organization that shares annual reports on its website can easily restrict access to its PDF project reports to stakeholders only.

You can also use Groups File Access with files stored on Amazon S3. Our tutorial How to protect Amazon S3 Files with WordPress for Members guides you through a complete example.

Here’s a preview of what we will build below:

Setting up a Group for Stakeholders

We’ll start off by using the Groups plugin to create a group, which we’ll assign all to our stakeholders. In this guide, we are using the name Partners as the group name. However, it is worth mentioning that this name can be anything you might prefer.

From your WordPress dashboard:

1. Navigate to Groups > Groups
2. Click on New Group
3. Enter Partners as the name of the group
4. Click Add

You can read more about how to create and manage groups in detail on this documentation page.

Adding User Accounts for Stakeholders

Next, we proceed by creating a simple user account for each stakeholder. Our stakeholders will use their account to access and download project reports. We are going to create one example account below. You would create an extra account for each stakeholder in the same manner.

Before proceeding with the account creation, make sure to have enabled the option Show groups in user profiles as this allows us to add the user directly to the Partners group we created earlier at the time of creating the user account. You will find this option documented here. Please navigate to Groups > Options and check the Show groups in user profiles option in the User Profiles section. Hit the Save button to save the changes.

Once enabled, from your WordPress admin dashboard, navigate to Users > Add New. Specify a username, email, and desired password which would be used by this stakeholder to download the annual project reports.

Adding our confidential Reports for the Partners Group

With our first stakeholder accounts created, we can add some assets that they are allowed to access. We are certain that once we protect our project files, only the stakeholders with authorized accounts can view and download our annual reports. Note that even if someone knew the link to a report, they would still be required to log in before the link would serve the corresponding file. Unauthorized attempts would be denied access.

To add a new file, from your admin dashboard:

1. Navigate to Groups > Files
2. Click on New File
3. Select the file and specify a Name, alongside a suitable Description of the asset.
4. Check the Partners group to restrict access to the file.
5. Click Add

It is worth mentioning that you can also set up an access limit for the file. The user must have accessed (downloaded) the file fewer times than the file’s access limit. The default setting grants unlimited access per user. You can read more on this here.

In our example, we have added two reports that will be available for our authorized users to access and download:

Creating a Page that provides the Reports

With our report files created and restricted, we can proceed to create a Reports page that provides all our annual reports to our stakeholders. For that, we are using a combination of blocks and shortcodes provided by Groups and Groups File Access. Our stakeholders must log in before they can access the files – the page will offer a login form for users who are not logged in, and a list of downloadable reports for those who are logged in and are authorized to access the files.

We will be using the Groups Non-member block together with the [groups_login] shortcode to render the login form:

This is how our page will present to plain guests that view it:

Next, we use the Groups Member block together with the [groups_file_link] shortcode to render access links to our report files.

Note that if we add new files for the Partners group, they will appear in the list rendered automatically. We don’t have to maintain an updated list of files manually, because we tell the system to render all files that are available to the Partners group.

Below we show how an authorized user will see our page. The page shows the two reports that are currently available and provides download links. Note that the files are protected from unauthorized downloads, i.e. you must be connected with an authorized account to be able to use the link.

In the short clip at the beginning of this article, you can see how an authorized user is accessing those files.

If you have any questions, feel free to comment below!

Image credits Young spruce tree sapling planted and growing in a clear-cut forest during early spring by Aaron J Hill and Person Using Macbook Pro on Table by ANTONI SHKRABA