I have recently found out that s2member is no longer protecting the WordPress media library. Therefore, visitors without paying or are logged into the system can download protected files that are found within the WordPress media library.
It used to work fine for many years, but this has only came to my attention recently.
Any help would be great.
Can you clarify please. S2member never protected the media library.
You can configure s2member to protect specific content by type or protect files that are placed in the special protected s2member folder(s).
But that all has to be specifically configured. S2member does not protect anything “out of the box”.
Hi Tim, that’s correct, we’ve added the htaccess file (that protects the /s2member-file/ directory) within the WordPress media library, which has worked in the past to block any files within that directory. And have also configured it to show this protected folder within the s2member plugin in the 'basic download restrictions."
Having said that, we think we have found the issue, which is server related (Nginx) since about 2 weeks ago we changed servers (which has seemed to work before the move).
I’ll keep you updated…