I'm trying to figure out how to totally prevent non-logged in users from having access to a file. It appears that download monitor is simply creating its own url that it can control access to then passing on the request, after the user has been auth'd, to the original file location. For example, domain.com/custom_url/filename.pdf is controlled by download manager and is only accessible to logged in users. Perfect. However, that url simply redirects to wp-content/uploads/downloads/year/month/filename.pdf which is still an accessible url. Member only file checks to see if they are logged in and force download makes it look like the file is coming from the download monitor url, but the original file is still available. Any way to lock out the ability to get to the original file?
WordPress Download Monitor
File location still accessible (3 posts)
-
robcwright
Posted 1 year ago # -
Host the file about your public/html / www directory, and use the force download option. Then the only way to the file is through the plugin.
-
rjksn
Posted 1 year ago #I wanted the same thing, and don't feel too comfortable having it in the generic WP structure.
I read somewhere that there was the ability to modify the file path, say put the files in a directory with a 40 character string.
As an example.
wp-content/uploads/downloads/year/month/filename.pdf
to
wp-content/uploads/vn5Yj5nMwbBmYScK87sRzH6eTyKr6nQttRtCB3s4/year/month/filename.pdfIt's not on your page though.
Topic Closed
This topic has been closed to new replies.
