I’m trying to figure out how to totally prevent non-logged in users from having access to a file. It appears that download monitor is simply creating its own url that it can control access to then passing on the request, after the user has been auth’d, to the original file location. For example, domain.com/custom_url/filename.pdf is controlled by download manager and is only accessible to logged in users. Perfect. However, that url simply redirects to wp-content/uploads/downloads/year/month/filename.pdf which is still an accessible url. Member only file checks to see if they are logged in and force download makes it look like the file is coming from the download monitor url, but the original file is still available. Any way to lock out the ability to get to the original file?
- The topic ‘[Plugin: WordPress Download Monitor] File location still accessible’ is closed to new replies.