This is not an “issue” with File Away. The files exist on your server. If someone knows the file address to any file, it is downloadable.
Unless you put an .htaccess file in your file directory with a deny from all
directive, but that’s your decision. If you do use an .htaccess file though, you will need to either enable stats in File Away options or enable encryption in your fileaway shortcode for downloads to work. And in this case you will not be able to use the flightbox or thumbnails.
Thank you for your help. I use the plugin All-in-one-Intranet, which locks every wp page from outside. So you can only see the wp pages when you are logged in. Is this .htaccess hint synchronous with the login of wp? Because the .htaccess hint sounds for me like an additional password. Is this requirement feasible on the basis of file away: only single-signed-on wp users have access on every content, file-based and page-based and content cannot be downloaded for not-signed-in users?
Thanks again.
There is no password involved with a deny from all directive. It prevents direct access to the files from the browser, logged in or not. Then enabling stats or encryption on your File Away table will mean that when the user clicks on the download link, File Away will then push the file to the browser from the server, rather than the browser trying to navigate directly to the file.
This should be the content of your .htaccess
file:
Order allow,deny
Deny from all
That’s it.
-
This reply was modified 6 years ago by
thomstark.
To reiterate, the .htaccess file goes in your top file directory, not your wordpress install directory.