How are the protected downloads handled? Only by obscurity?

In the member plugin, how are protected downloads handled? Is masking the url the only protection it delivers?

If I used the membership plugin for 1 site within a multisite installation, and set up a protected folder with a unique name to mask it, couldn't someone just know that files in a multisite installation are stored at /files ? Seems pretty pointless or am I missing something?

Ultimately I want to protect files from being copied and pasted into the browser address bar if the url is shared. This is probably more of a .htaccess thing though isn't it?

  • Arun Basil Lal

    Hello Andrew,

    The downloads are protected by using the masked url like you mentioned. The request has to go through the masked url, if the user gets hold of the real url, there is no protection for them. But ideally they won't.

    For extra protection, you can change your default uploads folder to a custom one in the Media Settings in your WordPress Dashboard. You could also choose to have month and year based folders making it more difficult for people to figure out the actual location.

    When the url is accessed by a non-logged in user, he is just taken to a blocked page and cannot download the product. So sharing the url is not a problem.

    I hope this helps, Let me know if you have more questions.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.