Hi @kms1996
I hope you are doing well.
Forminator will use all good practices to ensure your submissions are secure but keep in mind we follow the WordPress structure, so for example the Upload would store the files to wp-content/uploads/YEAR/MONTH which is a public directory.
We do have some scripts that allow you to change the upload directory
https://gist.github.com/wpmudev-sls/46d776223d9d54c732fd409b2e78c8a9
If you would like to run a cleanup on uploaded files:
https://gist.github.com/wpmudev-sls/7c778b5bb9f814efdbd30b6a0448cfd8
You can also disable the data storage, https://wpmudev.com/docs/wpmu-dev-plugins/forminator/#data-storage so submissions would be sent only to email and not stored on your databases.
Best Regards
Patrick Freitas
Who can actually see that uploads/year/month directory? You say its a public directory. Thanks for the help.
Hello @kms1996 !
The mentioned directory is publicly accessible and depending on the setup of the server it may also have an index listing all the files (though WP tries to prevent that).
As a side note, regarding the data you’d like to store – I’m not an US citizen, but as far as I know, storing SSNs and driver’s licenses of US citizens will be governed by specific additional laws as those are critical details about a person. Therefore I would suggest to check with a lawyer what the local laws require you to do and how you need to protect the uploaded files and then apply the requirements on your setup, possibly using the snippets my colleague shared as a starting point.
Best regards,
Pawel
Hello @kms1996 ,
We haven’t heard from you for a while now, so it looks like you don’t need our assistance anymore.
Feel free to re-open this ticket if needed.
Kind regards
Kasia
