Download urls not being masked

Hi there @joshuaiz,

Hope you’re well today and thanks for your question.

This should work for you.

1: Go to Dashboard > membership > URL Groups, create a new URL group make sure you add the masked download URL from 2: to the URL group.

2: Go to Dashboard > membership > options > downloads / media tab select ‘complete’ protection. check the masked URL leave as default. select the URL group you have just created.

3: Go to Dashboard > membership > access levels, add/edit your free level (or premium, depends on whether you use negative or positive rules? Add the downloads to your negative rule (or whichever you use). Then select the protected url group you just created.

4: When you add your media (or edit media). You should now be able to add it to the protected url group. That’s it, now when you add the media and select the protected group, the url will be protected for your download ??

Thanks!

Kind Regards
Jack.

**Update: looks like I got it working **

Actually the URL group is not necessary. All you need is the Protected Content Group set up in Dashboard > Membership > Options > Downloads/Media

What seems to be happening is that when I upload a file from the default WP uploader and select the Content Group there from the Upload screen it is not “sticking”. I had to go to Media Library > [My File] > Edit and add the Content Group there manually for this to work.

I will keep an eye on this and see if it is repeatable. Leaving this topic open as well.

Just as a follow up (and feature request) it would be great to be able to specify my own uploads folder within Membership. Thus I could use a separate folder for protected uploads versus regular wordpress uploads.

Even changing the default WP uploads directory location and name is really no protection at all because any images uploaded through the uploader (for posts and pages) will have their URLs visible on the web and thus someone can guess the upload folder structure from that.

I have a function that works for assigning a different upload folder for each custom post type. Ideally to have Membership be able to also map these and mask the urls for each would be ideal.

I spent several hours searching for a php function or htaccess directive to remap a directory outside of the web root to mask urls with no luck. That said, some plugins do this: cart66 is one – the “Products” folder for digital downloads can be outside of the web root and you just enter the full path and it works beautifully. MP3 jPlayer is another – you can select the default audio file folder to be outside of the web root.

If you have any suggestions on how to best cloak the upload folder location, I’m all ears.

Hi @joshuaiz,

Thanks for your feedback and feature request. Incidentally, the topic’s been brought up before in our premium forums, for example here:
https://premium.wpmudev.org/forums/topic/how-do-i-protect-urls-like-pdfs

Currently, the plugin just “masks” files for protection. Though we base our developments on member concerns, generally through our feature suggestion forums. The move voice we hear from them, the more things get changed! ??

Cheers,
David

Yes I have those .htaccess rules in place. But being able to put the folder outside of the web root is most secure solution.

Hi @joshuaiz,

Thanks for your thoughts on that. Unfortunately, that’s not something the plugin is currently designed to handle. Though I’m sure we’ll be looking to add that in a future version.

Cheers,
David