File Downloads… not really secure?

  • Resolved dkennerson

    (@dkennerson)


    10 years, 7 months ago

    Testing s2member. I’ve uploaded a file into the secure directory but it seems I can access the file by just entering the url into the browser like nameofsite.com/wp-content/plugins/s2member-files/nameoffile.pdf. While I do get the membership page if I’m not logged in, I CAN get to the file by simply being a registered user it seems at any level.

    If I offer different levels of membership/file access, it seems that I could be the lowest level of membership (free) and simply alter the url address to get to any file I want, even files that are for paid membership levels…

    Am I missing something? Is this correct? This would not be the desired result. I would think directly linking to the file would be blocked regardless of membership level and could only be accessed via the special s2member links…

    Anyone experience this issue or know what I’m missing?

    Thanks

    https://www.ads-software.com/plugins/s2member/

Viewing 2 replies - 1 through 2 (of 2 total)

  • If you want different levels of membership to have access to different files, you need to store your files in the appropriate subfolders, like this:

    /s2member-files/access-s2member-level2/nameoffile.pdf

    Thread Starter dkennerson

    (@dkennerson)

    That’s it!

    Thank you for pointing me in the right direction.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘File Downloads… not really secure?’ is closed to new replies.