The User Private Files makes use of the .htaccess file to restrict the unauthorized access and makes a file private to the authorized users only. But the .htaccess file is available on Apache servers only. If you are using Windows server or hosting, you would need to make modifications to the configuration file called “web.config”.
Edit the web.config file and insert the following code and replace the [site_url] with your website’s full home page URL:
<configuration>
<system.webserver>
<rewrite>
<rules>
<rule name=”Redirect UPF Docs” stopprocessing=”true”>
<match url=”^wp-content/uploads/upf-docs/(.*)$”>
<action type=”Rewrite” url=”[site_url]?file={R:1}{QUERY_STRING}”>
</action></match></rule>
</rules>
</rewrite>
</system.webserver>
</configuration>
<configuration>
<system.webserver>
<rewrite>
<rules>
<rule name=”Redirect UPF Pblc” stopprocessing=”true”>
<match url=”^wp-content/uploads/upf-pblc/(.*)$”>
<action type=”Rewrite” url=”[site_url]?file={R:1}&pblc=true{QUERY_STRING}”>
</action></match></rule>
</rules>
</rewrite>
</system.webserver>
</configuration>
Save the file and test by pasting the URL to a file in a private browser window and it should give a permission error.