Title: genjitech's Replies | WordPress.org --- # genjitech [ ](https://wordpress.org/support/users/genjitech/) * [Profile](https://wordpress.org/support/users/genjitech/) * [Topics Started](https://wordpress.org/support/users/genjitech/topics/) * [Replies Created](https://wordpress.org/support/users/genjitech/replies/) * [Reviews Written](https://wordpress.org/support/users/genjitech/reviews/) * [Topics Replied To](https://wordpress.org/support/users/genjitech/replied-to/) * [Engagements](https://wordpress.org/support/users/genjitech/engagements/) * [Favorites](https://wordpress.org/support/users/genjitech/favorites/) Search replies: ## Forum Replies Created Viewing 7 replies - 1 through 7 (of 7 total) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[File Away] directory security](https://wordpress.org/support/topic/directory-security-2/) * Thread Starter [genjitech](https://wordpress.org/support/users/genjitech/) * (@genjitech) * [9 years, 9 months ago](https://wordpress.org/support/topic/directory-security-2/#post-8201820) * never mind as i have found the problem. i use wpmu domain mapping and after updating fileaway i can no long choose my mapped domain as base url. even if manual set it in db options always reset back to base network site domain site1.genjitech. com mapped as genjitech.com genjitech.com is not available as base url only site1. genjitech.com which breaks the wp cookie.. * do i need to open a new thread for mapped domain not available to choose as base? * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[File Away] directory security](https://wordpress.org/support/topic/directory-security-2/) * Thread Starter [genjitech](https://wordpress.org/support/users/genjitech/) * (@genjitech) * [9 years, 9 months ago](https://wordpress.org/support/topic/directory-security-2/#post-8201655) * ok to reproduct the problem add .htaccess file to directory you wish to secure add # These next two lines will already exist in your .htaccess file RewriteEngine On RewriteBase / # Add these lines right after the preceding two RewriteCond %{ REQUEST_FILENAME} ^.*(doc|docx)$ RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.* $ [NC] RewriteRule . – [R=403,L] visit page and click link Apache error| your are not allow by server configuration now load copy the link and past it directly in address bar and file downloads like magic * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[File Away] directory security](https://wordpress.org/support/topic/directory-security-2/) * Thread Starter [genjitech](https://wordpress.org/support/users/genjitech/) * (@genjitech) * [9 years, 9 months ago](https://wordpress.org/support/topic/directory-security-2/#post-8201613) * .htaccess tried in the /public_html/secure-content tried /public_html {modifying the main wordpress .htaccess} both yields same results * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[File Away] directory security](https://wordpress.org/support/topic/directory-security-2/) * Thread Starter [genjitech](https://wordpress.org/support/users/genjitech/) * (@genjitech) * [9 years, 9 months ago](https://wordpress.org/support/topic/directory-security-2/#post-8201561) * enable encrypted links is fine and plan on enabling this, but this doesnt fix the fact that with out .htaccess on the directory there is nothing in place to keep someone from just hotlinking the file as its open to the public.. even with encrypted links its not that hard to view source and get the complete path * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[File Away] directory security](https://wordpress.org/support/topic/directory-security-2/) * Thread Starter [genjitech](https://wordpress.org/support/users/genjitech/) * (@genjitech) * [9 years, 9 months ago](https://wordpress.org/support/topic/directory-security-2/#post-8201555) * root directory: wp install directory base directory 1: /public_html/secure-content/ base url: genjitech.com (HTTPS) ———- Statistics are disabled —————- [Shortcode][ fileaway type=”table” showto=”administrator,insurance_company,safety_director” search=”yes” searchlabel=”Filter Data Below” mod=”no” redirect=”true” recursive =”on” only=”Accident-Safety” theme=”silver-bullet” heading=”Accident-Reports” hcolor=”blue” color=”blue” iconcolor=”blue”] * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[File Away] directory security](https://wordpress.org/support/topic/directory-security-2/) * Thread Starter [genjitech](https://wordpress.org/support/users/genjitech/) * (@genjitech) * [9 years, 9 months ago](https://wordpress.org/support/topic/directory-security-2/#post-8201513) * without adding .htaccess to directory the only security files have is to make sure “Options +Indexes” is turned off, but if direct path is known file is basically public available * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[File Away] directory security](https://wordpress.org/support/topic/directory-security-2/) * Thread Starter [genjitech](https://wordpress.org/support/users/genjitech/) * (@genjitech) * [9 years, 9 months ago](https://wordpress.org/support/topic/directory-security-2/#post-8201492) * Im using fileaway to list a directory with secured documents. As i do not want anyone to have direct access to files in this directory without being logged in. I wanted some extra security to disallow anyone who doesnt have nor is logged in wordpress to be able to get files.. Adding .htaccess to directory # These next two lines will already exist in your .htaccess file RewriteEngine On RewriteBase/# Add these lines right after the preceding two RewriteCond %{REQUEST_FILENAME} ^.*(doc|docx)$ RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC] RewriteRule.–[ R=403,L] works except with fileaway plugin.. If direct link to file without being logged in wordpress download is denyed If direct link to file after loggin in wordpress file downloads as expected.. BUT if try to download file with link generated with fileaway .htaccess is ignored and is always denyed access to download file Viewing 7 replies - 1 through 7 (of 7 total)