Security Concern – File Upload field

  • Resolved yuuki2929

    (@yuuki2929)


    2 weeks, 1 day ago

    Hello Support Team,

    I found a security/privacy concern regarding the File Upload field.

    When users upload age identity documents through the File Upload field in registration form, the uploaded files are stored under:

    “/wp-content/uploads/ultimatemember/”

    These files can be directly accessed if someone knows the URL.

    This is problematic because these uploads may contain sensitive personal information.

    Could you please advise if there is a secure way to:

    1. Restrict file access to admins only
    2. Store uploaded files in a private directory
    3. Generate protected/signed URLs
    4. Add a privacy option for File Upload fields

    I believe many membership sites use Ultimate Member for verification purposes.

    Thank you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Yurii

    (@yuriinalivaiko)

    1 week, 1 day ago

    Hello @yuuki2929

    Unfortunately, this functionality does not exist in our plugin at this time.

    Regards.

    Plugin Support Yurii

    (@yuriinalivaiko)

    1 day, 3 hours ago

    Hi @yuuki2929

    This thread has been inactive for a while so we’re going to go ahead and mark it Resolved.

    Please feel free to re-open this thread if any other questions come up and we’d be happy to help. 🙂

    Regards

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.