S2member-files not protected after server migration

eds · 10 November 2017 15:42

Hi,

I have migrated the website to an other server (clone, same domain). Everything works fine except one important feature. The s2member-files folder is not protected no more… The files are now downloadable from the url by anybody.

Exemple URL:
https://domaine.net/wp-content/plugins/s2member-files/myPDF.pdf

What can I do to secure this folder please ?

Regards

KTS915 · 10 November 2017 15:49

It sounds like you need to regenerate your .htaccess file.

eds · 10 November 2017 15:53

I thought about something like that… but how to please ?
And do I have to regenerate only the one from the s2member-files folder or the htaccess of the root website too ?

Many thanks Kim for that quick answer !

KTS915 · 10 November 2017 15:55

Try this. Deactivate s2Member, and then delete the .htaccess file in the s2member-files folder. Then reactivate s2Member.

eds · 10 November 2017 16:04

Did it. The htaccess is well generated but I still can download files from direct url without being connected.

KTS915 · 10 November 2017 16:05

Are you sure that you are trying this as a logged-out user, or one with insufficient permissions?

eds · 10 November 2017 16:18

I’m trying from another browser, private navigation, not connected with any user.

Thank you again

KTS915 · 10 November 2017 16:51

Are you on GoDaddy hosting?

eds · 10 November 2017 17:12

WPSERVEUR, a Wordpress Host.

KTS915 · 10 November 2017 17:31

Then I’d talk to them.

eds · 11 November 2017 12:02

The issue come from the nginx server. The host tried to follow the explanations from this page to secure the s2member-files folder:

But it retruns a 403 error even for connected users…

KTS915 · 11 November 2017 15:21

How do you have nginx with a .htaccess file?

krumch · 11 November 2017 17:06

@eds, try to save your permalinks again. Not sure it will helps, tough…

eds · 12 November 2017 21:51

The permalinks are ok, thank you krumch.
I finally migrate the website to a VPS on apache (plesk). And now I have another issue… the downloads are ok and protected again. But I have html files into the s2member-files folder which I load on some pages into iframe. Now this content only displays if I disable the htaccess file. If the htaccess is enabled I have strange code instead of the html content:

Any idea again ? Best regards

krumch · 13 November 2017 10:33

That is UTF code, I think. That is because s2M sends HTML files like binary files, and browser don’t recognize them as “page”, but as “text with binary coded symbols”. Is they downloads right before to move? Try to exclude HTML files from download protection, maybe…

eds · 13 November 2017 11:05

Like this ?

eds · 13 November 2017 11:10

Problem solved enabling this option:

Is it safe to keep this on ?

krumch · 14 November 2017 18:52

Great! I was forgot that setting…

Yes, it is safe, it works for “download files” only.

eds · 14 November 2017 19:38

Ok, many thanks guys !