Make uploaded files private – N-Media Client Portal

This topic has 3 replies, 2 voices, and was last updated 2 months, 3 weeks ago by nmedia.

Viewing 4 posts - 1 through 4 (of 4 total)

Author

Posts
September 8, 2020 at 12:28 pm #18925

CLUB
Participant

Hi:

Given that orders’ data is private I would expect that orders’ uploaded files would be private as well. Nevertheless, they are publicly accessible from “wp-content/uploads/ppom_files/”, so please make them private as the other orders’ data.

For example you could add settings like “File download methods” and “Access restriction” from Woocommerce’s downloadable products (https://docs.woocommerce.com/document/digital-downloadable-product-handling/).

Meanwhile you could add an .htaccess file to your folder “wp-content/uploads/ppom_files/” with “Options -Indexes” by default, and add a section “Protecting your uploads directory” to the plugin’s documentation like here: https://docs.woocommerce.com/document/digital-downloadable-product-handling/#section-2.

Thanks.

September 10, 2020 at 4:25 am #18958
nmedia
Keymaster
Hi,

Thanks for this, we have added an htaccess file but now we added some help inside how-to-secure.txt file.

You can create .htaccess files in ppom_files dir and paste following code:
```
RewriteEngine on
RewriteRule !thumbs - [F]
```
September 10, 2020 at 12:41 pm #18967

CLUB
Participant

Thanks but that .htaccess file is not a valid workaround, because thumbnails should be private as well; and with that rewrite rule, shop managers cannot download confirmed orders’ files.

September 12, 2020 at 4:24 am #19029

nmedia
Keymaster

Ok…

Then let me workaround on this and if you see any better approach please share.
Author

Posts

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.