All Uploaded Files Are Publically Viewable

  • Good day everyone,

    I am currently looking for a way to manage downloads for a client of mine. She would like a way to post downloads to an individual user’s account and have them only be able to download it after the user logs in.

    From what I am seeing, this plugin uploads all files to the public_html/WEBSITE/wp-content/uploads/file_uploads/ path, which in Apache if there is no index page, is openly viewable. Going to site.com/wp-content/uploads/file_uploads/ shows the full folder and file tree, whether you’re logged in to the website or not.

    So, is there any way using this plugin to actually restrict downloads to just the intended users, and not just grabbing a link from a public facing folder? Is there some way using WordPress, this plugin, or Apache to truly put these downloadable files behind a log in on the WP-Admin page?

    Thank you for your time.

    https://www.ads-software.com/extend/plugins/user-files/

Viewing 1 replies (of 1 total)
  • Plugin Author Scriptonite

    (@scriptonite)

    These settings need to be set on your server, add the following line
    Options -Indexes
    to your .htaccess file to stop apache from listing directory contents. Then they will be accessible to the users only through wordpress or if they have the direct link to the file.

Viewing 1 replies (of 1 total)
  • The topic ‘All Uploaded Files Are Publically Viewable’ is closed to new replies.