s2Member Framework (Member Roles, Capabilities, Membership, PayPal Members)
[resolved] File Downloads... not really secure? (3 posts)

  1. dkennerson
    Posted 1 year ago #

    Testing s2member. I've uploaded a file into the secure directory but it seems I can access the file by just entering the url into the browser like nameofsite.com/wp-content/plugins/s2member-files/nameoffile.pdf. While I do get the membership page if I'm not logged in, I CAN get to the file by simply being a registered user it seems at any level.

    If I offer different levels of membership/file access, it seems that I could be the lowest level of membership (free) and simply alter the url address to get to any file I want, even files that are for paid membership levels...

    Am I missing something? Is this correct? This would not be the desired result. I would think directly linking to the file would be blocked regardless of membership level and could only be accessed via the special s2member links...

    Anyone experience this issue or know what I'm missing?



  2. KTS915
    Posted 1 year ago #

    If you want different levels of membership to have access to different files, you need to store your files in the appropriate subfolders, like this:


  3. dkennerson
    Posted 1 year ago #

    That's it!

    Thank you for pointing me in the right direction.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic