#1 WordPress forum plugin created by gVectors Team

wpForo – WordPress Forum Plugin
  • Home
  • Forum
  • Migrate to wpForo
  • Addons
  • Addons Demo
  • Documentation

Forum

Home | Forum

wpDiscuz - WordPress Comment Plugin
  • Forums
  • Members
  • Recent Posts
Forums
Main Support Forums
How-to and Troubles...
Attachment URLs - N...
 
Share:
Share
Tweet
Share
Notifications
Clear all

Attachment URLs - Not Secured

    Last Post
RSS

swannmatt
Posts: 2
 swannmatt
Topic starter
June 1, 2018 10:41 am
(@swannmatt)
New Member
Joined: 4 years ago

We are using WPForo and everything seems great so far. The only issue we've found is that if someone gets hold of an attachment URL then anyone can access an uploaded file without having to be logged in. I understand the files are stored within the WordPress media library and potentially this could be the issue.

Are these URL's supposed to require an active session by default? Or is there a mod to support this? Would wpForo Advanced Attachments fix this issue?

Cheers,

Matt

P.S. Please ignore the attachment, I am testing something.

2 Replies
Robert
Posts: 8973
Robert - Twitter
 Robert
Admin
June 2, 2018 2:29 pm
(@robert)
Support Team
Joined: 6 years ago

Hi Matt,

I'm sorry but there is no an extra security functions in file attachment storing and displaying mechanism. All files are public like they are for WordPress other plugins and blog posts.. To make them non-public, we'll have to create a separate API and change image URs to .php files with GET variables like this:

.../attachment.php?attach=23&session=xdf8edshk4r

This kind of URLs are getting lots of conflict with WordPress Security plugins. The direct call of PHP files are blocked by Server and WordPress security systems. This will bring lots of problems on different websites.

In case you want to say thank you !)
We'd really appreciate and be thankful if you leave a good review on plugin page. This is the best way to say thank you to this project and support team.

Reply
1 Reply
swannmatt
 swannmatt
(@swannmatt)
Joined: 4 years ago

New Member
Posts: 2
June 4, 2018 8:28 am
Reply toRobertRobert

No problem at all. I'll put something in myself at some point just wanted to see if there was an option out-of-the-box.

Thanks for the quick and detailed reply.

Reply
  All forum topics
  Previous Topic
Next Topic  

Forum Search

Join Us!

Download wpForo plugin
on WordPress.org

wpForo Addons

wpforo-private-messages wpforo-advanced-attachments-128x128 wpforo-embeds-128x128 wpForo User Custom Fields addon wpForo – Blog Cross Posting addon wpForo Ads Manager wpForo – WooCommerce Memberships Integration wpForo Emoticons wpForo – Tenor GIFs Integration
View all Addons »

Recent Topics

  • Can't change forum slug

    By popvlad82, 2 hours ago

  • Major bug occurring with @user mentions

    By Noved, 2 hours ago

  • Forum description

    By Vijiki, 22 hours ago

  • cant send public messages to friends

    By ReddBeard, 1 day ago

  • Moderation Turned Completely Off...User's Posts Are Still "Awaiting Moderation"...

    By Noved, 1 day ago

  • Slight changes to my forum

    By marios, 2 days ago

Topic Tags

  • css50
  • translation49
  • plugin conflict48
  • seo45
  • new features44
  • buddypress42
  • moderation40
  • ultimate member40
  • avatar40
  • forum40
  • login38
  • registration36
  • threaded layout35
  • cache33
  • editor32
  • menu32
  • shortcode31
  • forum accesses30
  • spam29
  • phrases28
View all tags (2163)

Recent Posts

  • RE: Major bug occurring with @user mentions

    Please view the updated attached image below of another...

    By Noved, 1 hour ago

  • RE: Can't change forum slug

    There are two places for the slug. In wpForo AND mainly...

    By dimalifragis, 2 hours ago

  • RE: Moderation Turned Completely Off...User's Posts Are Still "Awaiting Moderation"...

    @robert Ok thank you!

    By Noved, 2 hours ago

  • RE: wpForo 2 Major Update is Imminent!

    @dimalifragis, It depends on the beta version. We are...

    By Robert, 7 hours ago

  • RE: How to schedule a topic?

    Hi @joselito, I'm sorry, but this will not be availab...

    By Robert, 9 hours ago

  • RE: cant send public messages to friends

    @reddbeard, about Buddy Press Public Messages, you sh...

    By Chris, 11 hours ago

  • RE: Forum description

    @vijiki, Use Custom CSS to hide it on the page.

    By Chris, 12 hours ago

Share:
Share
Tweet
Share
  Forum Statistics
20 Forums
9,773 Topics
49.5 K Posts
5 Online
44.5 K Members

Latest Post: Major bug occurring with @user mentions Our newest member: Are Costume Contact Lenses Saf... Recent Posts Unread Posts Tags

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed

Powered by wpForo | Copyright © 2016-2022 gVectors Team
Copyright Registration Service - Click here for more information or to register work
wpForo is Registered with the IP Rights Office
Copyright Registration Service

Ref: 4477265538
  • Home
  • Forum
  • Migrate to wpForo
  • Addons
  • Addons Demo
  • Documentation