rwerthamer

I declared victory too soon! It seems there is a huge hole in WordPress security, even bigger than I had thought yesterday.
I have a book manuscript uploaded to my site. I’ve installed wpStoreCart to sell the book, and my site won’t let a visitor download the book file until they’ve paid. So far, so good.
But the book file also exists in the wp-content/uploads folder, where it is not controlled by wpStoreCart: any visitor to the uploads url can download the file there for free. Furthermore, a Google search on my book title returns the uploads url, not my main site!
How do I close this backdoor to my product, and re-establish a wpStoreCart payment as the only access path? If I delete the file via Admin>Media, as suggested above, won’t that delete the file from my website altogether, rather than from just the uploads folder?
I can supply details of my site url and password to the Forum Moderator if it would be useful. Thanks so much for your help with this!

I did it about two years ago when I first created the site. I used the standard wordpress upload procedure to a Page. The file (a book, actually) was in pdf format. Some time later I improved the material and replaced the original file; I also installed wpstorecart to sell the improved file, which I uploaded in .zip format.
My site shows only the improved file, not the original. But both versions show up in wp-content/uploads (with slightly different upload dates, of course) and the original is fully download-able for free by anyone going to the uploads folder url. I’m trying to close that back door.