Forums

WordPress › Support » Plugins and Hacks

user access manager: uploads file not protected (2 posts)

  1. wakalix
    Member
    Posted 3 months ago #

    This is a wonderful plug-in (user access manager), and it's just what I need for a blog with a public and private section. Yet, I realized that anyone can access the uploads directory, regardless of whether they are logged in. This occurs even with my settings for files are:

    Lock files: yes
    Locked file types: all
    .htaccess password: Use a random generated pass word.
    download type: fopen

    The .htaccess file in the uploads directory contains the following:

    AuthType BasicAuthName "WP-Files"
    AuthUserFile /var/www/html/wp-content/uploads/.htpasswd
    require valid-user
    ---------------------

    Am I missing something? Are my configurations correct? I would appreciate any feedback.

    Thanks.

  2. converting2wp
    Member
    Posted 1 month ago #

    My question on the above is what's in your .htaccess file?

    Did you ever resolve this? I'm having the opposite problem.

    I have a few posts with links to files in the upload directory (entered as .../wp-content/uploads/2009/10/xxx.pdf)
    I install the plugin
    I activate it (with the defaults which are as above but that download type is "normal")
    And then I can't access any files from the uploads directory (*before* I've gone through and marked any posts or files as private). When I click a link to a file in the upload directory I get "Error 404 - Not Found"

    Is that how it's supposed to work? Or am I missing some key part of the documentation?

    If I turn off the file locking, the links to the files work just fine.

Reply

You must log in to post.

About this Topic

Tags