Testing s2member. I’ve uploaded a file into the secure directory but it seems I can access the file by just entering the url into the browser like nameofsite.com/wp-content/plugins/s2member-files/nameoffile.pdf. While I do get the membership page if I’m not logged in, I CAN get to the file by simply being a registered user it seems at any level.
If I offer different levels of membership/file access, it seems that I could be the lowest level of membership (free) and simply alter the url address to get to any file I want, even files that are for paid membership levels…
Am I missing something? Is this correct? This would not be the desired result. I would think directly linking to the file would be blocked regardless of membership level and could only be accessed via the special s2member links…
Anyone experience this issue or know what I’m missing?
- The topic ‘File Downloads… not really secure?’ is closed to new replies.