Securing your private files

Private files are uploaded by default to a folder particular to each owner with a compllicated name. However, if someone knows the URL of a particular user file, he could download it without restriction. The reason behind this is that by default, the user folders are located in the wp-content/customer-area folder which is not protected. You have two possibilities to protect this folder.

By changing that folder location

WP Customer Area 6.2 and above

The path to the file storage folder can be indicated in the plugin settings under the files tab.

WP Customer Area 5.0 to 6.1

You will change the directory where files are stored using a filter in your theme’s functions.php file:

function cuar_change_private_directory($original_dir) {
  return '/path/to/my/own/directory';
}
add_filter('cuar/core/ownership/base-private-storage-directory', 'cuar_change_private_directory');

WP Customer Area up to 4.x

This method cannot be used.

With a .htaccess file

This method is compatible with any version of WP Customer Area but requires an Apache server.

You can secure the folder by copying the file protect-downloads.htaccess included in our plugin’s extras folder to the plugin’s upload folder (it should be /wp-content/customer-area).

Then you will need to rename that file as .htaccess so that your server takes it into account. You may need to adjust a few settings in the .htaccess file depending on your server setup.