How to block file access to unwanted users?

  • Resolved Gerdski

    (@gerdski)


    3 years, 4 months ago

    Hello,

    I think this plugin (free version) is very good. However, one thing I cannot achieve.

    I have set up 2 Test companies in the like of wp-content/userfiles/company-a
    and wp-content/userfiles/company-b and added some files to each subfolder inside the userfiles folder. When I am logged in as Company A, I can see only Files insied the /company-a/ folder and not the other ones. When I am logged in as B I cannot see the A files any more. Very good.

    But then there is the Preview Option in Filester which shows me the path to the file: https://mysite.com/wp-content/userfiles/company-a/myimage.jpg?_t=1625573521.

    If I copy this URL and paste it into another browser, the file can be seen and downloaded without me being logged in!

    So Company B could easily access Files of Company A if they know the filename. They could try to guess the filename like /company-b/business-report-2020.doc or similar.

    This should be avoided.

    Is there a way in which I can achieve this?
    Did I do something wrong in Setup?

    Thanks a lot!

Viewing 7 replies - 1 through 7 (of 7 total)
Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘How to block file access to unwanted users?’ is closed to new replies.