Files Security
-
-
Henrique LeuschnerParticipant# 3 years, 4 months ago
Hi, I’ve followed the recommendations on https://wp-customerarea.com/documentation/user-guides/securing-your-private-files/ (running nginx) but I’m still getting the “not secure” notifications. Please advise on next steps
-
ThomasKeymaster# 3 years, 3 months ago
Hi there,
Hope you are fine.
The documentation wasn’t very clear. I have updated it. Can you tell me if it’s better now?
Do not hesitate to tell me if you need more assistance.
Regards.
Want to help WP Customer Area? It only takes few seconds!
Rate & review the plugin on WordPress.org 🙂 -
ThomasKeymaster# 3 years, 3 months ago
Also,
I see that you entered the exact same default location into the field.
You need to move the ftp-uploads and storage folders outside of your public_html directory, and then enter those paths in the corresponding fields.
Regards.
Want to help WP Customer Area? It only takes few seconds!
Rate & review the plugin on WordPress.org 🙂 -
Henrique LeuschnerParticipant# 3 years, 3 months ago
thanks for your reply, I was in touch with cloudways (my hosting provider) since I was not able to create folders in the root, through FTP; while tackling this they said wordpress users would not be able to access files within the root folder, so I’m curious to get your feedback to try and secure the files asap
getting them on amazon S3 would be an ideal solution, but I’m not sure if this is feasible.
thanks and have a great weekend
-
Vincent Mimoun-PratParticipant# 3 years, 3 months ago
while tackling this they said wordpress users would not be able to access files within the root folder
That’s the point : no one should be able to access those secured files directly. Our PHP script will act as a proxy, or firewall, protecting those files and distributing them only to the users who are really allowed to get them.
S3 is not available currently on our side, sorry.
-
Henrique LeuschnerParticipant# 3 years, 3 months agounderstood, gonna try this again with my hosting provider
-
-
ThomasKeymaster# 3 years, 3 months ago
Hi,
As you are trying to secure files without the .htaccess method, you shouldn’t expect our script to be able to test if it’s properly secured or not.
You have to test that by yourself.
However, Since you moved that to the private_html folder, I think it is ok. You should maybe make sure about that with your hosting provider, but I assume that the private_html folder is not accessible through HTTP protocol? If users can’t reach that folder from a browser by typing an URL, if PHP can however access it, you can clearly consider your files secured, because nobody can access them anymore through a direct URL.Regards.
Want to help WP Customer Area? It only takes few seconds!
Rate & review the plugin on WordPress.org 🙂 -
ThomasKeymaster# 3 years, 3 months ago
“you can place the files inside the private_html folder. as this folder is not accessible from the browser”
That’s clearly what they confirmed. I guess you’re fine.
However, not sure you need to create those /var/www folders into the private_html folder.…./private_html/area_cliente/arquivo should be enough.
Regards.
Want to help WP Customer Area? It only takes few seconds!
Rate & review the plugin on WordPress.org 🙂 -
-
-
Henrique LeuschnerParticipant# 3 years, 3 months ago
ignore my last post, cloudways support just got back to me and I had inserted the wrong file path.
Cheers
-
ThomasKeymaster# 3 years, 3 months ago
No problem 🙂 You’re welcome!
PS: I marked your replies including attachments as private because they were including sensitive information such as your server paths.
I am closing this topic, do not hesitate to re-open a new one if needed.
Also, do not hesitate to post a review about our plugin and support. That would help us, and that would be greatly appreciated! Many thanks.Regards.
Want to help WP Customer Area? It only takes few seconds!
Rate & review the plugin on WordPress.org 🙂
-
The topic ‘Files Security’ is closed to new replies.