About Secure File

Store one or more files in a customized location, e.g. outside of the web root

Category 1Field Types
Fieldtype modules that represent a data type used by fields.
Category 2Other Modules
Modules that have a unique purpose not covered by existing categories.
Category 3Users and Access
Modules dealing with access in ProcessWire via Users, Roles or Permissions.
Release StateBeta
Close to stable, but users are advised to be cautious and test thoroughly.*
Module Version1.0.3
Class NameFieldtypeSecureFile
Compatibility2.6, 2.7
Date AddedAugust 14, 2015
Last UpdatedDecember 7, 2017
Recommended ByNew recommendations may take up to 1 day to appear.


This module's files should be placed in /site/modules/FieldtypeSecureFile/
How to install or uninstall modules



A ProcessWire Fieldtype storing files in a customized location, outside the web root. This module is primarily useful if you need to store sensitive data which should not be accessible directly from the web. Normally, ProcessWire stores all files under /site/assets/files. Direct URL access to these files can be restriced by setting $config->pagefileSecure = true. Still you need to make sure that your template permissions are setup correctly.


Please take a look at the following guide: http://modules.processwire.com/install-uninstall/


After installing this module, you can create a new field of type SecureFile. Enter your configuration under the "Details" section when editing the field:

  • Storage Location Enter a path outside the web root where the files are stored. You need to create the directory manually. Also make sure that the user running the web server has write permission.
  • Roles allowing to download a secure file Users with a role selected here are able to download the files if a download is requested via the API.
  • Allow Download in Admin If checked, users having a role selected above can download the files when editing a page.


If you want to download a secure file, you can call PagefileSecure::download(). This method also makes sure that the current user is allowed to download the file, according to the permission configuration.


$secureFile = $page->secureFiles->first();
$secureFile->isDownloadable(); // Returns true if the current user is allowed to download
$secureFile->download(); // Performs the check above and delivers the file via the wireSendFile() function