The raw URL for the file is still accessible to public, if log in only is set

  • Resolved klewis

    (@blackawxs)


    7 months, 3 weeks ago

    The raw URL for the file, under the wp-content/uploads directory, is still accessible even if the log-in only access is enabled, or if private is enabled for the download file.

    How do we prevent someone savvy enough, from directly accessing/seeing the raw URL for downloads from the uploads path?

    This case appears specific for PDF files as they don’t just download, but open in a browser tab, revealing the uploads location to the end user.

    How can we secure this process so that PDFs directly download just like other files types do?

    • This topic was modified 7 months, 3 weeks ago by klewis.
    • This topic was modified 7 months, 3 weeks ago by klewis.
    • This topic was modified 7 months, 3 weeks ago by klewis.
    • This topic was modified 7 months, 3 weeks ago by klewis.
    • This topic was modified 7 months, 3 weeks ago by klewis.
    • This topic was modified 7 months, 3 weeks ago by klewis.
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘The raw URL for the file is still accessible to public, if log in only is set’ is closed to new replies.