Title: Security Last modified: August 9, 2022 --- # Security * Resolved [nmwoods123](https://wordpress.org/support/users/nmwoods123/) * (@nmwoods123) * [3 years, 10 months ago](https://wordpress.org/support/topic/security-111/) * Hi. We are looking at using the plugin to put the downloads on a private page. Are the downloads hidden from the public, both in the file system and the website? Viewing 7 replies - 1 through 7 (of 7 total) * Plugin Author [Lana Codes](https://wordpress.org/support/users/lanacodes/) * (@lanacodes) * [3 years, 10 months ago](https://wordpress.org/support/topic/security-111/#post-15900693) * This is a complex question, I will try to give a detailed answer: * – If you upload the file using the “Download” post type file management part, it will go to the `/uploads/lana-download/` folder, where direct file access is prohibited, so `https://lana.codes/wp-content/uploads/lana-download/file.pdf` is not accessible to anyone. So direct file access is disabled (it always works that way). * – You can only download the file via the download permalink, for example `https:// lana.codes/download/1201/` * But knowing the download permalink, there is no limitation. If someone knows the download permalink and sends it to anyone else, they will be able to download it. * If you set the “Download” post type to private in the settings, the post type will not be publicly listed, so the link is not easily accessible publicly. * But if, for example, you want the link to be available only to logged-in users, then that would require development and modification. * If you have any further questions, feel free to contact me. * Thread Starter [nmwoods123](https://wordpress.org/support/users/nmwoods123/) * (@nmwoods123) * [3 years, 10 months ago](https://wordpress.org/support/topic/security-111/#post-15901036) * That’s great, thanks you for your quick and detailed response, much appreciated. * I have set up a test on a stage site and have found that I can directly access the file that was uploaded download post type file management to my lana-download folder (e.g the equivalent of [https://lana.codes/wp-content/uploads/lana-download/file.pdf](https://lana.codes/wp-content/uploads/lana-download/file.pdf) in your example). Am I doing something wrong or misunderstanding? * Plugin Author [Lana Codes](https://wordpress.org/support/users/lanacodes/) * (@lanacodes) * [3 years, 10 months ago](https://wordpress.org/support/topic/security-111/#post-15901180) * Hm, I forgot to say that restricting direct file access works for the following web servers: Apache and LiteSpeed. * So if your localhost web server is Nginx, it doesn’t work there. * But if your web server is Nginx, then a separate limiting solution must be applied, I think I can help you with such a limiting setting for your web server. * You can check here: * Tools > Site Health > Info > Server > Web server * Thread Starter [nmwoods123](https://wordpress.org/support/users/nmwoods123/) * (@nmwoods123) * [3 years, 10 months ago](https://wordpress.org/support/topic/security-111/#post-15901309) * Hi, it is using apache: * Server architecture Linux 3.12.18-clouder0 x86_64 Web server Apache * Plugin Author [Lana Codes](https://wordpress.org/support/users/lanacodes/) * (@lanacodes) * [3 years, 10 months ago](https://wordpress.org/support/topic/security-111/#post-15901319) * Hm, that’s weird then. Could you send me the link to the website? Also the link of the file? So I can test it. * You can also send by email: [info@lana.codes](https://wordpress.org/support/topic/security-111/info@lana.codes?output_format=md) * Plugin Author [Lana Codes](https://wordpress.org/support/users/lanacodes/) * (@lanacodes) * [3 years, 10 months ago](https://wordpress.org/support/topic/security-111/#post-15906516) * Based on the link sent in the email, I receive this message: * `403 - Forbidden Access to this page is forbidden.` * So it seems to work. * Thread Starter [nmwoods123](https://wordpress.org/support/users/nmwoods123/) * (@nmwoods123) * [3 years, 10 months ago](https://wordpress.org/support/topic/security-111/#post-15906818) * Yes, it now works, thank you for investigating. We believe it was to do with the caching we had enabled which uses nginx Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘Security’ is closed to new replies. * ![](https://ps.w.org/lana-downloads-manager/assets/icon-128x128.jpg?rev=1512693) * [Lana Downloads Manager](https://wordpress.org/plugins/lana-downloads-manager/) * [Frequently Asked Questions](https://wordpress.org/plugins/lana-downloads-manager/#faq) * [Support Threads](https://wordpress.org/support/plugin/lana-downloads-manager/) * [Active Topics](https://wordpress.org/support/plugin/lana-downloads-manager/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/lana-downloads-manager/unresolved/) * [Reviews](https://wordpress.org/support/plugin/lana-downloads-manager/reviews/) * 7 replies * 2 participants * Last reply from: [nmwoods123](https://wordpress.org/support/users/nmwoods123/) * Last activity: [3 years, 10 months ago](https://wordpress.org/support/topic/security-111/#post-15906818) * Status: resolved