Hidden Files

SSSsshhhhhh...

Get Hidden Files Now!
Securely serve files stored in your ExpressionEngine site - even those embedded within Channel Entries or in Grid fields - via protected download links, rather than exposing them publicly.

Hidden Files enhances your site’s security posture by preventing direct file URL exposure. It offers a clean and manageable way to serve files dynamically within your templates, while retaining control over who can download them and when.

Summary

Feature Details
Purpose Secure controlled downloads of files associated with entries or Grid fields
Template Tag {exp:hidden_files:download_link}
Notification Method Email, with customizable recipients and alert criteria
Output Variables {hidden_files:url}, {hidden_files:title}
Context Parameters entry_id, field, field_id, col, row_id, file_id
Grid Support Yes - handles downloads from within Grid fields

Features

  • Allows for download of files stored within Channel Entries and as stand alone Files.
  • Works with the File field type even within Grid fields.

Protected File Downloads

  • Allows files added through the File field type or standalone files to be downloaded securely—not accessible via direct public URLs.

Grid Support

  • Works seamlessly with files stored inside Grid fields—a powerful feature if you organize content using nested structures.

Typical Use Cases

Secure File Sharing

  • Offer downloads of resources—PDFs, reports, images—only to authorized users, without exposing raw file URLs.

Content in Grid Fields

  • When managing media inside Grid-based layouts (e.g., multiple images per post), generate controlled access with ease.

Custom Download Workflows

  • Integrate with templates to style download links—use icons, labels, or button designs to match your site layout.

Frequently Asked Questions

Hidden Files is an ExpressionEngine add-on that lets you securely serve files through the CMS without exposing their real file system URLs. It ensures that files—whether uploaded through a File field, used in Grid fields, or stored standalone—can only be downloaded via special protected links.

Normally, if someone knows or guesses the direct URL of a file, they can download it—even if they shouldn’t have access. Hidden Files solves this by forcing all downloads through ExpressionEngine’s permission checks, making sure only authorized users can access them.

Yes. Hidden Files supports Grid FieldType and Fluid FieldType, meaning files stored inside structured or flexible field layouts can still be protected and served securely.

Yes. By using the file_id parameter, you can create secure download links for standalone files not tied to an entry.

Would you like help integrating hidden_files:download_link into a member-only download area or customizing it with button styling? Let me know—I’d be happy to assist!

Get Started