Files Security

    • Henrique Leuschner
      Participant
      # 3 years, 4 months ago

      Hi, I’ve followed the recommendations on https://wp-customerarea.com/documentation/user-guides/securing-your-private-files/ (running nginx) but I’m still getting the “not secure” notifications. Please advise on next steps

    • Thomas
      Keymaster
      # 3 years, 3 months ago

      Hi there,

      Hope you are fine.

      The documentation wasn’t very clear. I have updated it. Can you tell me if it’s better now?

      Do not hesitate to tell me if you need more assistance.

      Regards.

       

      Want to help WP Customer Area? It only takes few seconds!
      Rate & review the plugin on WordPress.org 🙂

    • Thomas
      Keymaster
      # 3 years, 3 months ago

      Also,

      I see that you entered the exact same default location into the field.

      You need to move the ftp-uploads and storage folders outside of your public_html directory, and then enter those paths in the corresponding fields.

      Regards.

      Want to help WP Customer Area? It only takes few seconds!
      Rate & review the plugin on WordPress.org 🙂

    • Henrique Leuschner
      Participant
      # 3 years, 3 months ago

      thanks for your reply, I was in touch with cloudways (my hosting provider) since I was not able to create folders in the root, through FTP; while tackling this they said wordpress users would not be able to access files within the root folder, so I’m curious to get your feedback to try and secure the files asap

      getting them on amazon S3 would be an ideal solution, but I’m not sure if this is feasible.

      thanks and have a great weekend

    • Vincent Mimoun-Prat
      Participant
      # 3 years, 3 months ago

      while tackling this they said wordpress users would not be able to access files within the root folder

      That’s the point : no one should be able to access those secured files directly. Our PHP script will act as a proxy, or firewall, protecting those files and distributing them only to the users who are really allowed to get them.

      S3 is not available currently on our side, sorry.

    • Henrique Leuschner
      Participant
      # 3 years, 3 months ago
      understood, gonna try this again with my hosting provider

       

    • Henrique Leuschner
      Participant
      # 3 years, 3 months ago
      This reply has been marked as private.
    • Thomas
      Keymaster
      # 3 years, 3 months ago

      Hi,

      As you are trying to secure files without the .htaccess method, you shouldn’t expect our script to be able to test if it’s properly secured or not.

      You have to test that by yourself.
      However, Since you moved that to the private_html folder, I think it is ok. You should maybe make sure about that with your hosting provider, but I assume that the private_html folder is not accessible through HTTP protocol? If users can’t reach that folder from a browser by typing an URL, if PHP can however access it, you can clearly consider your files secured, because nobody can access them anymore through a direct URL.

      Regards.

      Want to help WP Customer Area? It only takes few seconds!
      Rate & review the plugin on WordPress.org 🙂

    • Thomas
      Keymaster
      # 3 years, 3 months ago

      “you can place the files inside the private_html folder.  as this folder is not accessible from the browser”

      That’s clearly what they confirmed. I guess you’re fine.
      However, not sure you need to create those /var/www folders into the private_html folder.

      …./private_html/area_cliente/arquivo should be enough.

      Regards.

      Want to help WP Customer Area? It only takes few seconds!
      Rate & review the plugin on WordPress.org 🙂

    • Henrique Leuschner
      Participant
      # 3 years, 3 months ago

      understood, thank you for your help

    • Henrique Leuschner
      Participant
      # 3 years, 3 months ago
      This reply has been marked as private.
    • Henrique Leuschner
      Participant
      # 3 years, 3 months ago

      ignore my last post, cloudways support just got back to me and I had inserted the wrong file path.

      Cheers

    • Thomas
      Keymaster
      # 3 years, 3 months ago

      No problem 🙂 You’re welcome!

      PS: I marked your replies including attachments as private because they were including sensitive information such as your server paths.

      I am closing this topic, do not hesitate to re-open a new one if needed.
      Also, do not hesitate to post a review about our plugin and support. That would help us, and that would be greatly appreciated! Many thanks.

      Regards.

      Want to help WP Customer Area? It only takes few seconds!
      Rate & review the plugin on WordPress.org 🙂

Viewing 12 reply threads

The topic ‘Files Security’ is closed to new replies.