Files Security

    • Henrique Leuschner
      Participant
      # il y a 1 mois et 3 semaines

      Hi, I’ve followed the recommendations on https://wp-customerarea.com/documentation/user-guides/securing-your-private-files/ (running nginx) but I’m still getting the “not secure” notifications. Please advise on next steps

    • Thomas
      Maître des clés
      # il y a 1 mois et 3 semaines

      Hi there,

      Hope you are fine.

      The documentation wasn’t very clear. I have updated it. Can you tell me if it’s better now?

      Do not hesitate to tell me if you need more assistance.

      Regards.

       

    • Thomas
      Maître des clés
      # il y a 1 mois et 3 semaines

      Also,

      I see that you entered the exact same default location into the field.

      You need to move the ftp-uploads and storage folders outside of your public_html directory, and then enter those paths in the corresponding fields.

      Regards.

    • Henrique Leuschner
      Participant
      # il y a 1 mois et 3 semaines

      thanks for your reply, I was in touch with cloudways (my hosting provider) since I was not able to create folders in the root, through FTP; while tackling this they said wordpress users would not be able to access files within the root folder, so I’m curious to get your feedback to try and secure the files asap

      getting them on amazon S3 would be an ideal solution, but I’m not sure if this is feasible.

      thanks and have a great weekend

    • Vincent Mimoun-Prat
      Maître des clés
      # il y a 1 mois et 3 semaines

      while tackling this they said wordpress users would not be able to access files within the root folder

      That’s the point : no one should be able to access those secured files directly. Our PHP script will act as a proxy, or firewall, protecting those files and distributing them only to the users who are really allowed to get them.

      S3 is not available currently on our side, sorry.

    • Henrique Leuschner
      Participant
      # il y a 1 mois et 3 semaines
      understood, gonna try this again with my hosting provider

       

    • Henrique Leuschner
      Participant
      # il y a 1 mois et 3 semaines
      Cette réponse a été marquée comme étant privée.
    • Thomas
      Maître des clés
      # il y a 1 mois et 3 semaines

      Hi,

      As you are trying to secure files without the .htaccess method, you shouldn’t expect our script to be able to test if it’s properly secured or not.

      You have to test that by yourself.
      However, Since you moved that to the private_html folder, I think it is ok. You should maybe make sure about that with your hosting provider, but I assume that the private_html folder is not accessible through HTTP protocol? If users can’t reach that folder from a browser by typing an URL, if PHP can however access it, you can clearly consider your files secured, because nobody can access them anymore through a direct URL.

      Regards.

    • Thomas
      Maître des clés
      # il y a 1 mois et 3 semaines

      “you can place the files inside the private_html folder.  as this folder is not accessible from the browser”

      That’s clearly what they confirmed. I guess you’re fine.
      However, not sure you need to create those /var/www folders into the private_html folder.

      …./private_html/area_cliente/arquivo should be enough.

      Regards.

    • Henrique Leuschner
      Participant
      # il y a 1 mois et 3 semaines

      understood, thank you for your help

    • Henrique Leuschner
      Participant
      # il y a 1 mois et 2 semaines
      Cette réponse a été marquée comme étant privée.
    • Henrique Leuschner
      Participant
      # il y a 1 mois et 2 semaines

      ignore my last post, cloudways support just got back to me and I had inserted the wrong file path.

      Cheers

    • Thomas
      Maître des clés
      # il y a 1 mois et 2 semaines

      No problem 🙂 You’re welcome!

      PS: I marked your replies including attachments as private because they were including sensitive information such as your server paths.

      I am closing this topic, do not hesitate to re-open a new one if needed.
      Also, do not hesitate to post a review about our plugin and support. That would help us, and that would be greatly appreciated! Many thanks.

      Regards.

Vous lisez 12 fils de discussion

The topic ‘Files Security’ is closed to new replies.