Hi, how can we make the Registration Field file upload secure? It just dumps the files into the media library that anyone can access on the website. My users will be uploading tax forms so I can't have these just sitting on my WP server unencrypted. Any solutions? Thanks.
As far as I know, in most cases this would not normally create a security issue, as Media Library URLs are not public (unless there is a problem with server configuration allowing directory listing). Therefore it would be very difficult to impossible for an attacker to find the exact URL of a file in order to access it directly.
That said, I certainly understand the concern, and it's also important to ensure your server is secured correctly and directory listing / indexing are disabled.
To achieve this, I think the best option would be to use a dedicated plugin that can secure the Media Library. There are a few plugins that can do this, such as:
Hi, how can we make the Registration Field file upload secure? It just dumps the files into the media library that anyone can access on the website. My users will be uploading tax forms so I can't have these just sitting on my WP server unencrypted. Any solutions? Thanks.
Hello Jon,
As far as I know, in most cases this would not normally create a security issue, as Media Library URLs are not public (unless there is a problem with server configuration allowing directory listing). Therefore it would be very difficult to impossible for an attacker to find the exact URL of a file in order to access it directly.
That said, I certainly understand the concern, and it's also important to ensure your server is secured correctly and directory listing / indexing are disabled.
To achieve this, I think the best option would be to use a dedicated plugin that can secure the Media Library. There are a few plugins that can do this, such as:
I would suggest to install and configure one of these plugins so that media files are not directly accessible.
Kind regards,
Stefan