
Securing file uploads?

  1. Currently when someone uploads an attachment with a form it goes into the uploads folder and is browseable if someone knew the filename. While I know this is unlikely, is there a way to make file uploads more secure for peace of mind?

    Thanks!

    Posted 13 years ago on Thursday January 13, 2011 | Permalink
  2. I would also like to know if there is any way to restrict attachment file downloading to administrators and editors only.

    Posted 13 years ago on Friday May 27, 2011 | Permalink
  3. There is not currently a way to restrict attachment file downloading. However, the links to these can only be accessed via the entry detail. The URLs to the files are unlikely to be guessed due to the file folder structure. In the future we would like to add more security; however, that will require .htaccess modifications in order to implement.

    Posted 13 years ago on Friday May 27, 2011 | Permalink
  4. Good to know that you have plans for it.

    Some kind of download manager would allow direct access to be denied with htaccess. Now I just made it a little more difficult to access uploaded files by checking the login cookie when trying to load them.

    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
    RewriteRule ^(.*)files/gravity_forms(.*)$ http://my.site/ [NC,R,L]

    Posted 13 years ago on Friday May 27, 2011 | Permalink
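
The "download manager" idea from the last post, as an added example that is not part of the original thread and is not Gravity Forms' own code: a small WordPress plugin that serves uploads only to editors and administrators. A rewrite rule can only test that a cookie with the right name is present, so the session and role check is left to WordPress here. The query parameter `gf_protected_file`, the plugin name and the `gravity_forms` subfolder of the uploads directory are assumptions.

```php
<?php
/**
 * Plugin Name: Protected form uploads (hypothetical example)
 */

// Hypothetical URL scheme: /?gf_protected_file=<path relative to the form upload folder>
add_action( 'init', function () {
    if ( ! isset( $_GET['gf_protected_file'] ) ) {
        return;
    }

    // WordPress validates the login cookie itself; edit_others_posts is held by
    // editors and administrators in the default role set.
    if ( ! is_user_logged_in() || ! current_user_can( 'edit_others_posts' ) ) {
        wp_die( 'You are not allowed to download this file.', 'Forbidden', array( 'response' => 403 ) );
    }

    // Assumption: form uploads live under <uploads>/gravity_forms.
    $uploads = wp_upload_dir();
    $base    = realpath( $uploads['basedir'] . '/gravity_forms' );
    $request = wp_unslash( $_GET['gf_protected_file'] );
    $target  = $base ? realpath( $base . '/' . $request ) : false;

    // realpath() resolves "../" and symlinks; refuse anything that ends up outside $base.
    if ( ! $target || strpos( $target, $base . DIRECTORY_SEPARATOR ) !== 0 || ! is_file( $target ) ) {
        wp_die( 'File not found.', 'Not Found', array( 'response' => 404 ) );
    }

    // Send as an opaque attachment so the browser never renders uploaded content inline.
    $name = str_replace( '"', '', basename( $target ) );
    nocache_headers();
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . $name . '"' );
    header( 'X-Content-Type-Options: nosniff' );
    header( 'Content-Length: ' . filesize( $target ) );
    readfile( $target );
    exit;
} );
```

With a handler like this in place, direct requests to the upload folder can be denied outright in .htaccess, so the capability check is the only route to the files.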