By default the real location of the uploaded file will be hidden. The download URL will be generated with a security token to prevent guessing or enumeration attacks to discover the location of other files.

Return FALSE to display the real location.

Not recommended – use with caution!


The following would apply to all forms.

add_filter( 'gform_secure_file_download_location', 'your_function_name', 10, 3 );

To target a specific form append the form id to the hook name. (format: gform_secure_file_download_location_FORMID)

add_filter( 'gform_secure_file_download_location_5', 'your_function_name', 10, 3 );


  • $secure_download_location bool

    If the secure location should be used. Defaults to true.

  • $file string

    The URL of the file.

  • $field GF_Field_Fileupload

    The field.


The following would apply to all forms.

add_filter( 'gform_secure_file_download_location', '__return_false' );


This code should be placed in the functions.php file of your active theme.

Source Code

$secure_download_location = apply_filters( 'gform_secure_file_download_location', $secure_download_location, $file, $this );
$secure_download_location = apply_filters( 'gform_secure_file_download_location_' . $this->formId, $secure_download_location, $file, $this );

This filter is located in class-gf-field-fileupload.php.