Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Uploads not protected #20

Closed
realflash opened this issue Jun 6, 2016 · 1 comment
Closed

Uploads not protected #20

realflash opened this issue Jun 6, 2016 · 1 comment

Comments

@realflash
Copy link

Kevin,

Thanks for the plugin. Working nicely for us. However, we've noted that anyone with a link to attachments in wp-content/uploads/ can download these files without logging in. Google spiders these folders and then includes the results in their search results so the chances of someone finding these files are quite high.
@kevinvess
Copy link
Owner

Thanks for using my plugin, glad to hear you like it!

Unfortunately, this isn't something the plugin forces since no php or WordPress script runs prior to loading the static files (.pdf, .doc, .jpg...etc). It just loads the file.

If you want to restrict access to the uploaded media files, you'll have to configure your server to pass or "proxy" all requests to the uploads folder through a php script that can check if the user is logged-in.

Check out the following URL for an example of how to do this:
http://wordpress.stackexchange.com/a/37743/48165

https://wordpress.org/support/topic/documents-not-protected#post-8176367

@kevinvess kevinvess mentioned this issue Jun 27, 2017
Closed
@kevinvess kevinvess pinned this issue Apr 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@realflash @kevinvess