Why not just remove the read flag from (group and world) directory
https://www.yourdomain.com/wp-content/uploads/2012/
This will disallow the world and groups to reach out to the above folder. But you “admin” can always follow the link in the emails that you receive everytime a user registers for a job posting. And that works fine.
Unless I am missing something and or this is causing other issues?
Hope this helps.
