Restrict WordPress media library to each user's own uploads (no plugin)

By default, WordPress shows every uploaded media file to every logged-in user with access to the media library. For multi-author sites, customer portals or membership sites that's a problem — users see (and can re-use) media that doesn't belong to them. Here's the no-plugin fix.

The two-line solution

Drop this into your theme's functions.php (or better, a small site-specific plugin so theme switches don't break it):

add_filter('ajax_query_attachments_args', function ($query) {
  if (!current_user_can('manage_options')) {
    $query['author'] = get_current_user_id();
  }
  return $query;
});

That's it. Administrators still see everything; everyone else only sees their own uploads.

What's happening

The ajax_query_attachments_args filter intercepts the media-library query that runs every time someone opens "Add Media" or browses /wp-admin/upload.php. We check if the current user is not an administrator and, if so, scope the query to their own user ID.

Two gotchas

• The classic editor's "Insert from URL" tab is unaffected. If you need to lock that down too, restrict the upload_files capability instead.
• The REST API needs its own filter. If you've built a custom uploader that hits /wp-json/wp/v2/media, add a matching rest_attachment_query filter.

When you actually need a plugin

If you have to enforce media isolation across thousands of users with their own dashboards, a custom plugin (or one of the established membership plugins) is the safer call. For 2–20 users on a multi-author blog, the snippet above is enough.

We ship this kind of small surgical WordPress fix all the time. If you'd rather not edit functions.php yourself, send us the brief.