You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks for the plugin. Working nicely for us. However, we've noted that anyone with a link to attachments in wp-content/uploads/ can download these files without logging in. Google spiders these folders and then includes the results in their search results so the chances of someone finding these files are quite high.
The text was updated successfully, but these errors were encountered:
Thanks for using my plugin, glad to hear you like it!
Unfortunately, this isn't something the plugin forces since no php or WordPress script runs prior to loading the static files (.pdf, .doc, .jpg...etc). It just loads the file.
If you want to restrict access to the uploaded media files, you'll have to configure your server to pass or "proxy" all requests to the uploads folder through a php script that can check if the user is logged-in.
Kevin,
Thanks for the plugin. Working nicely for us. However, we've noted that anyone with a link to attachments in wp-content/uploads/ can download these files without logging in. Google spiders these folders and then includes the results in their search results so the chances of someone finding these files are quite high.
The text was updated successfully, but these errors were encountered: