“Private area” is still very ambiguous, so you might want to elaborate more for more pointed advice.
That said, I would never use WordPress to hold a file I didn’t want the public to have. It just isn’t made for that, and I haven’t seen anything that builds it in.
The exception is selling commerce items, but even then the best way is to store the files as blob objects, and use an API to access it with a one-time transaction token. An example would be someone buying a music track from you, and they get the link from an S3 bucket. WooCommerce and EDD plugins can do that.
But the things you describe sound like a shared document folder. I personally use Nextcloud, which is great for that; I’ve deployed it for plenty of clients, as well. In addition to covering many of the use cases of Google Docs, but it has a few advantages:
- Can share files to folks without a login or tracking
- Can set an upload directory with anonymous access; I use this when clients need to send me very large files
- Groups support and permissions, for different kinds of access
Those are my recs.