Support » Plugin: WP Ever Accounting - Accounting for small business » Preventing access to attachments

  • Resolved Cheryl

    (@tricheryltops)


    Hi,
    One more question:

    I find that if I add an attachment, it could be seen from any viewer on the front end.

    Directory listing is prevented, but if I have the URL of an attachment file in the uploads/eaccounting directory, I can view the file as a non logged in user.

    I have tried modifying the .htaccess file in that directory to just deny from all, but that does not seem to be working.

    How can I made attachments for expenses in this plugin not viewable to non-admin users?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Bappi

    (@b-07)

    Hello @tricheryltops,

    Thanks for reaching out.

    Currently, there’s no such option available for attachments. But this sounds like an interesting feature. I’ve forwarded this to our development team, and I’ll let you know if/when it gets implemented.

    Thread Starter Cheryl

    (@tricheryltops)

    I would think that front-end users not being able to access attachments (which I’m assuming are intended for receipts) would be kind of basic:)

    I’ll look into how I can block access — I’m sure there’s some way, but for some reason the .htaccess settings that I think should work are not.

    Thanks for the response.

    Thread Starter Cheryl

    (@tricheryltops)

    Sorry about that…it seems that blocking access to individual files is something I’ll need to get configured at the server level.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.