When the link (that will open in a new window) is clicked, the new window’s URL is (for example) … mywebsite[dot]org/resources/file.pdf (trying to make this not a real URL).
By deleting the “file.pdf” in the URL, and re-submitting the webpage, a user would have access to ALL the files in the Resources folder.
Is there a way to hide the URL for the linked file? Or, is there another way to protect files in Resources?
If I understand your question, you don’t want an index listing of the directory?
If that is the case and you’re running Apache as your web server, add the following line to the .htaccess file:
Options -Indexes
That should give someone an error ( 404 forbidden) if the full filename is not specified, other than default index files (index.html, index.php, etc.). This will NOT protect files in resources, only hide the directory index listing. If someone wanted to try a brute force or dictionary attack, they could still get to the files.
You didn’t say who you are hosting company, but most good ones have a knowledge base covering .htaccess files, and how to set them up.
Example:
Just as info… and another option: you can also use tools that will mask the real path to the file…
See: LinklokURL (not specifically a RW tool but it works fine with any site… I use this extensively.)
And here is a stack: https://seydesign.com/stacks/filesafe/
Note that I don’t use “Resources” so these may not be what you want but you could just upload the files to your server instead of using the RW Resources.