I have a website which is public available and there we have “internal” area, these are simply pages with the visibility set to protected.

So wordpress ask the visitor for the password (the password is for all users the same). In this internal area I want to provide a pdf for view and download but I don’t want that it is possible to “simply” guess the URL and download the file without authorization. All I found are several plugins which require that the user is logged in into wordpress as a user. But for this to work I would need to change the page more in depth I would be really happy if I could avoid this 😉

So does anyone know a way to make a file only available when the user is “authenticated” on a protected page?