Prevent hotlinking in protected directory

Hello,

I’m setting up file protection in S2Member, and noticed that files in the s2member protected directory (e.g. /wp-content/plugins/s2member-files/example.mp3) can still be linked to directly and accessed by anyone.

Is this how S2Member is by default? Is there a way to prevent these files from being accessed by S2 users without the proper permissions?

Thanks.

If you are seeing that, then you haven’t set something up correctly. Have you created a Membership Options Page?

Yes, we have a membership options page. Other restricted pages redirect to the membership options pages when non-logged in users try to view them, but direct file links are still viewable by anyone. I have also set up basic file download restrictions for the various user levels in S2member, allowing anyone but level 0 full access to download. Is there anything else I should be looking at?

It sounds like you have setup s2Member correctly, so the problem seems to be with the setup of something else, perhaps another plugin or at server level.

Are you running any caching, for example, or a so-called security plugin?

There are no security or caching plugins in place, but our installation is on WP Engine. I know that WP Engine does some aggressive caching. Is this something I should contact them about?

Yes, I’d ask them. But I’d also check that you don’t have a conflict with another plugin.

1 Like