- This topic has 3 replies, 2 voices, and was last updated 5 months, 3 weeks ago by
.
-
Posts
-
Hi:
Given that orders’ data is private I would expect that orders’ uploaded files would be private as well. Nevertheless, they are publicly accessible from “wp-content/uploads/ppom_files/”, so please make them private as the other orders’ data.
For example you could add settings like “File download methods” and “Access restriction” from Woocommerce’s downloadable products (https://docs.woocommerce.com/document/digital-downloadable-product-handling/).
Meanwhile you could add an .htaccess file to your folder “wp-content/uploads/ppom_files/” with “Options -Indexes” by default, and add a section “Protecting your uploads directory” to the plugin’s documentation like here: https://docs.woocommerce.com/document/digital-downloadable-product-handling/#section-2.
Thanks.
Hi,
Thanks for this, we have added an htaccess file but now we added some help inside how-to-secure.txt file.
You can create .htaccess files in ppom_files dir and paste following code:
RewriteEngine on RewriteRule !thumbs - [F]Thanks but that .htaccess file is not a valid workaround, because thumbnails should be private as well; and with that rewrite rule, shop managers cannot download confirmed orders’ files.
- You must be logged in to reply to this topic.