Our restricted files in /wp-content/plugins/s2member-files are now publicly accessible to all site visitors despite the .htaccess rules. We’re using Siteground hosting. Our site does seem to follow .htaccess rules in general (e.g., file redirects, etc.). Although Siteground’s advertising says that they use a blend of Apache and Nginx, I believe the Nginx is just serving the HTML versions of cached content if I’m reading their info correctly.
I’ve done the following:
- Checked that our restriction options for files are still set up in Download Options - Basic Download Restrictions (and that we also have a Membership Options Page configured)
- Checked that S2Member has created its .htaccess file inside the /s2member-files folder and also the s2member stanza in our main .htaccess file.
- Checked that other S2member restrictions (e.g., restricted pages/posts) are working normally.
Do I maybe need to modify the folder permissions for the s2member-files folder? Right now it is set to 755. I had assumed the .htaccess rules would cover that problem, but maybe not?
We are using the Pro version of S2member (currently Version 230504 + s2Member Pro v220421). I apologize if this question has come up before–I wasn’t able to find an answer that seemed like it would work after looking through some previous forum posts. I can share our website info if needed but would rather not do that publicly since these files are openly available at the moment.
Appreciate your help!