By default the real location of an uploaded file is hidden. The download URL will be generated with a security token to prevent guessing or enumeration attacks to discover the location of other files. The gform_require_login_pre_download filter can be used to require the user be logged in before the download URL will allow access to the file.


The following would apply to all forms.

add_filter( 'gform_require_login_pre_download', 'your_function_name', 10, 3 );


  • $require_login bool

    Does the user need to be logged in to access the file? Default false.

  • $form_id int

    The ID of the form used to upload the requested file.

  • $field_id int

    The ID of the field used to upload the requested file.


1. Require login for all forms

add_filter( 'gform_require_login_pre_download', '__return_true' );


This code should be placed in the functions.php file of your active theme.


This filter was added in Gravity Forms

Source Code

This filter is located in GF_Download::validate_download() in includes/class-gf-download.php