Actually, in this way I believe I cannot prevent that anyone who knows the redirect link can get the files, while I want to deliver them only to WP users that have a specific permission set in WP. Or am I wrong ?