Thank you for reaching out to us.
but when someone guesses the direct media link, the file is immediately accessible.
Please check the following documentation. Let me know if this is what you are referring too.
https://simple-download-monitor.com/enhanced-file-protection-securing-your-downloads/
We also have the following addon that creates another layer of protection.
https://simple-download-monitor.com/hidden-downloads-for-simple-download-monitor/
Kind regards.
Thanks.
I have enabled enhanced file protection and created a new download. It appears in the sdm-uploads folder as described in your support link. I also see the .htaccess file in that folder with content “deny from all”
The download link works https://www.bahiadecasares.es/sdm_downloads/community-rules-2024/
But also visitors can download my file directly from
https://www.bahiadecasares.es/wp-content/uploads/sdm-uploads/test-direct-link.pdf
The website is running on a Apache server
Thank you for providing more information. I just carried out a test locally and it worked for me. After I enabled the Enable File Protection (Beta) feature. I then added a file to the new download created. Once I completed this task and saved the new download added. I went to a different browser and type the physical address for the new file and I received an error message stating that I did not have permission to access this resource. So I can confirm that it is working for me.
Can you share the steps you took to create this download file.
Thank you.
There might be some conflict with your site’s configuration or your server. I have submitted a message to the developers to investigate further your issue.
Kind regards.
-
This reply was modified 9 months, 3 weeks ago by
mbrsolution.
Plugin Author
mra13
(@mra13)
#1) Check the contents of the .htaccess file located in the following directory:
/wp-content/uploads/sdm-uploads/
#2) The content of that .htaccess file should be:
deny from all
#3) If the file already contains that directive, the next step is to contact your hosting provider. Ask them why the .htaccess rule isn’t working as expected. This is a standard directive that should block direct access to files on Apache servers. They should be able to provide insight based on their server configuration.
It’s possible that your hosting provider has disabled .htaccess overrides in their Apache configuration (i.e., AllowOverride All is not enabled). There may also be a file permission issue preventing the directive from being applied. Your hosting provider should be able to investigate and provide more specific insights based on their server setup.
Hello, my provider made a change to the .htaccess file and now it is working. The content is now
Require all denied
That is great news š I am marking this thread as resolved. Enjoy the plugin.
Kind regards.
