The best way to share files securely with your clients, customers, friends and community.
It is recommended to add a
deny from all directive in your
httpd.conf for your s2member-files directory in order to avoid people directly access your protected files. Do not put the
deny directive in the
s2member-files/.htaccess because this file is always regenerated by s2member and your modifications are always overwritten.
Even if you set shortcode option
.htaccess will never been displayed.
And access-s2member-ccap* too !
The authentication on your website is broken because of a plugin (AJAX requests not correctly handled).
This behaviour is correct and it is protecting your files !
It happens for example when your authentication is only performed in a HTTPS form and the navigation is done in HTTP.
If you use the
WordPress HTTP plugin from http://mvied.com/projects/wordpress-https/ for example, you have to force HTTPS on each page which includes the s2member Secure File browser.
In windows installations, put all files in
s2member-files\app_data instead of