In your WordPress admin, go to Plugins → Add New → Upload Plugin and select the ZIP file you just downloaded. Click Install Now, then Activate.
Go to Settings → XYZ Protect. On the Connection & Status tab, click Start Free Trial and enter your email and site URL. You'll receive an API key by email.
The free trial includes 10,000 protected media requests. No credit card required.
On the Content Protection tab, click Provision Media Hostname. Enter your origin hostname (usually your site's domain) and choose a media subdomain (e.g., media.example.com).
The media subdomain must be on the same domain as your WordPress site.
The plugin displays the exact records to create at your DNS provider: one CNAME and two TXT records. Add them in your DNS management panel (Cloudflare, GoDaddy, Namecheap, Route53, etc.).
DNS propagation typically takes 1–5 minutes. The plugin checks automatically every 30 seconds and activates protection once verified.
Choose your protection mode (Guard Cookie, Encrypted URL, or Tiered), set your protection scope (protect everything or specific folders), and configure any exempt paths for public content like logos and social sharing images.
If you use MemberPress or Paid Memberships Pro, XYZ Protect detects them automatically. Map your membership levels to protection tiers in the plugin settings.
Go to Content Protection → Advanced → Self-Test to verify the protection network is correctly blocking unauthorized requests to your media. The test confirms that visitors without authorization see a placeholder instead of your real content.
Authorized visitors see your content. Everyone else sees a placeholder. Test it yourself: open an incognito window, visit a page with protected media, and confirm the placeholders appear. Log in and the real content loads. The plugin starts in a free trial mode with 10,000 protected media requests. This should provide most sites plenty of time to configure their protection rules and ensure that XYZ Protect meets their needs before starting a subscription.