Files not protected if url is entered in browser

So I copy a protected file URL into a newly opened browser and the file gets downloaded (jpeg or pdf for instance).

I reinstalled s2member plugin, deleted and recreated the .htaccess file, etc. Nothing worked.

Deactivated all other plugins. No result.

If I cut the file name in the URL and try to access the folder instead, I am correctly redirected to the login page.

Are you sure you tested while logged out?

It’s all working perfectly for me. I get redirected to the MOP if I try to access the URL directly.

Maybe you can test too. I put a pdf file at

https://www.dentfix.ro/planuri/wp-content/plugins/s2member-files/uploads/1200_USER_MANUAL_EN.pdf

And try this link

https://www.dentfix.ro/planuri/wp-content/plugins/s2member-files/uploads/

In my case I can download the pdf file and the second link redirects to the login page.

Yes, I get the same results as you. I think the problem is because you are adding the sub-folder uploads. Is there any reason for that?

The default is just to store files in the s2member-files folder. If you want to use sub-folders, they should be associated with a specific level or ccap, as explained under the last item on the Download Restrictions page.

Actually I solved the issue. I had a WordPress site in the root directory and another in the /planuri directory. For some reason the .htaccess rules from the root directory were breaking the subfolder site rules.

I just moved the entire installation onto a new domain, in root folder, and now s2member is protecting the files properly.

About the upload directory situation: I defined the upload directory inside s2member-files folder in order to automatically protect all media files. And it works as intended since I need a members only website where I want to make sure nobody can load any media file if the url is known by some means.

The protection works without the ccap feature; simply the whole tree under s2member-files is protected. I am struggling now to find out how to unprotect a specific folder that I need unprotected, containing the theme’s dynamic CSS stuff…

Maybe it does. But it is completely unnecessary. All files in the s2member-files folder are protected like that automatically.

Hm. So the upload directory default location is /wp-content/uploads

Like this nothing from the media library can be protected by s2member. The only way I found to protect these attachments was to redefine the upload directory location to /wp-content/plugins/s2member-files/uploads/

I do not understand why this is unnecessary when I need to protect all media files with s2member…?

Thanks

The relevant place is simply this:

/wp-content/plugins/s2member-files/

No need to append a further subfolder called uploads

OK, I got your point. Thanks
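
A logged-out check of the kind discussed in this thread, as an added example that is not part of the original posts or of s2Member: it requests each URL with no cookies and without following redirects, then reports whether the file was served or the request was bounced. The function names, the `members.example` host and the sample responses are constructed for illustration.

```python
import sys
import urllib.error
import urllib.request

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow: the 3xx itself is the evidence we want

def fetch_anonymous(url, timeout=10):
    """GET url with no cookies or credentials; return (status, Location header)."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # unfollowed 3xx and 4xx/5xx arrive here
        return err.code, err.headers.get("Location")

def verdict(status, location=None):
    if 200 <= status < 300:
        return "EXPOSED"        # content served to a logged-out client
    if status in (301, 302, 303, 307, 308) and location:
        return "PROTECTED"      # bounced to a login or options page
    if status in (401, 403):
        return "PROTECTED"      # access denied outright
    return "INCONCLUSIVE"       # 404, 5xx, redirect without target: check by hand

def audit(urls, fetch=fetch_anonymous):
    """Map each URL to its verdict; fetch is injectable for offline runs."""
    return {url: verdict(*fetch(url)) for url in urls}

# Constructed sample reproducing the pattern reported in the thread:
# the folder URL redirects, the file inside it is served anyway.
SAMPLE = {
    "https://members.example/wp-content/plugins/s2member-files/uploads/":
        (302, "https://members.example/wp-login.php"),
    "https://members.example/wp-content/plugins/s2member-files/uploads/manual.pdf":
        (200, None),
}

if __name__ == "__main__":
    urls = sys.argv[1:]
    results = audit(urls) if urls else audit(SAMPLE, fetch=SAMPLE.get)
    for url, result in results.items():
        print(f"{result:13} {url}")
    sys.exit(1 if "EXPOSED" in results.values() else 0)
```

Pass the folder URL and at least one file URL inside it, since the thread shows the two can behave differently. A login form rendered in place with status 200 is also reported as EXPOSED, so confirm what was actually returned before concluding.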