Ready to get started?Download WordPress

Plugin Directory

s2member Secure File Browser

The best way to share files securely with your clients, customers, friends and community.

s2Member secure files are always directly downloadable, how can I protect them by forcing php handling ?

It is recommended to add a deny from all directive in your httpd.conf for your s2member-files directory in order to avoid people directly access your protected files. Do not put the deny directive in the s2member-files/.htaccess because this file is always regenerated by s2member and your modifications are always overwritten.

Why s2member-files/.htaccess is not displayed ?

Even if you set shortcode option hidden to 1, .htaccess will never been displayed.

Are directories `access-s2member-level*` protected if they are not in the root directory ?

Yes ! And access-s2member-ccap* too !

The browser does not work, it displays `Invalid nonce` for registered users.

The authentication on your website is broken because of a plugin (AJAX requests not correctly handled). This behaviour is correct and it is protecting your files ! It happens for example when your authentication is only performed in a HTTPS form and the navigation is done in HTTP. If you use the WordPress HTTP plugin from http://mvied.com/projects/wordpress-https/ for example, you have to force HTTPS on each page which includes the s2member Secure File browser.

How to handle the `s2member-files/app_data` windows directory ?

In windows installations, put all files in s2member-files\app_data instead of s2member-files directory.

Requires: 3.3 or higher
Compatible up to: 3.9.2
Last Updated: 2014-5-16
Downloads: 6,784


4 stars
4.7 out of 5 stars


2 of 3 support threads in the last two months have been resolved.

Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

100,1,1 100,1,1 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,2,2 100,1,1
100,2,2 100,1,1 100,1,1
100,1,1 100,1,1