By default the real location of an uploaded file is hidden. The download URL will be generated with a security token to prevent guessing or enumeration attacks to discover the location of other files. The gform_require_login_pre_download filter can be used to require the user be logged in before the download URL will allow access to the file.


The following would apply to all forms.

add_filter( 'gform_require_login_pre_download', 'your_function_name', 10, 3 );


  • $require_login bool

    Does the user need to be logged in to access the file? Default false.

  • $form_id int

    The ID of the form used to upload the requested file.

  • $field_id int

    The ID of the field used to upload the requested file.


1. Require login for all forms

add_filter( 'gform_require_login_pre_download', '__return_true' );

2. Require login for specific form and field

add_filter( 'gform_require_login_pre_download', 'require_login_for_downloads', 10, 3 );

function require_login_for_downloads( $require_login, $form_id, $field_id ){

  	// Update values below to match your form and field id's
	if  ( $form_id == '97' && $field_id == '2' ) {

		$require_login = true;

	return $require_login;

3. Require login for all forms and redirect to login page

add_filter( 'gform_require_login_pre_download', function( $require_login ) {
	$require_login = true;
	if ( ! is_user_logged_in() ) {

	return $require_login;
} );


This code should be placed in the functions.php file of your active theme.


This filter was added in Gravity Forms

Source Code

This filter is located in GF_Download::validate_download() in includes/class-gf-download.php.