Support Forum
Support Forum
Offline
Hi,
I want to set up a totally private forum of which no part or attachment can be accessed without membership. I have noticed that an attachment to a post can be downloaded by the URL - can I prevent this happening? Also, just want to make sure that web spiders won't be able to access posts and then cache them.
Thanks!
Offline
Please see the Permissions where you will find that you can stop users downloading attachments with the 'Can download other file type attachments' permission setting. So this can be turned on for those members you wish to be able to download.
If private then spiders etc., can not load those forums/topics/posts.
 |
YELLOW
SWORDFISH
|
Offline
But it is still possible for anyone to browse the /forum-file-uploads/ directory and access all files uploaded by any user. 
I only want to grant this privilege to Standard Access groups and above. Can I do that?
Offline
Afraid not. Users can only browse their uploads.
Visit Cruise Talk Central and Mr Papa's World
Offline
Mr Papa, the topic here is how to prevent non-logged-in users from browsing the web directory and accessing all the attachments. By default this directory is:
.../wp-content/sp-resources/forum-file-uploads/
Has anyone got a fix?
Offline
fix for what??? not letting users browse directories on you server?? that is not an SP issue but server configuration issue...
you could add a blank index.php into that directory... but that would only help on that directory... you would still have others that are browsable...
what you really need to do is add:
Options -Indexes
to your .htaccess file in your root directory... that command will prevent any user from browsing directories on your server...
Visit Cruise Talk Central and Mr Papa's World
Offline
Thank you My Papa, that certainly put me in the right direction.
I found out I could disable directory browsing with this plugin: http://coffee2code.com/wp-plug.....-listings/
And then I also created some new directories for uploads that no-one would be able to guess. The Cone of Silence is now fully activated! 
Offline
Excellent. I wish it well.
|
YELLOW
SWORDFISH
|
Offline
OK, I am adding a post-script just in case it is useful for anyone else... and for me if i forget! I was still concerned that my forum files would be accessible to someone not logged in but who had somehow obtained the direct link. So I found a relatively easy method to make sure that only logged in users would be able to access that link - it does require that you have access to the server files.
- Install the following plugin and activate it: Private WP suite
- Enable the "disable feed" and "protect uploads" options from within the plugin's settings tab.
- Access the server files and copy the wp-content/uploads/.htaccess file to your forum upload directory
- Now, delete the wp-content/uploads/.htaccess file (or restore it if it existed previously - by default in Wordpress, it does not exist).
- Finally, edit the .htaccess file you have just created in your forum uploads directory so that the RewriteBase variable reflects the actual location of said file as follows:
# Start Private WP suite rewrite rules RewriteEngine On RewriteBase /[path to this file on your server]/wp-content/uploads/ RewriteRule . /[your root directory]/nonexsistent_file_to_trigger_404_error Options -Indexes # End Private WP suite rewrite rules
In my case, this has allowed for an publicly accessible website with an integrated but completely private forum.
Would like to humbly suggest some sort of integration of Private WP Suite with Simple Press as a possible future development as I am sure others would like a fully private forum with a user upload capability rout-of-the-box.
All RSS1 Guest(s)