Not sure if this is a Bug
Cyberbee 3 months, 3 weeks ago
Hi Hivepress team,
I have noticed that when a message is sent with an attachment, the document gets stored in the media library and if someone (other than the message sender/receiver/admin) has that link/url or finds that after scanning/crawling the site they can access the link and attachment too.
What can be done to ensure these links/attachments are not visible to anyone other than the sender, receiver and the admin?
Thanks.ihor 3 months, 3 weeks ago developer
Thanks for reporting, this is a known issue and it’ll be fixed – there’s no way to block direct URLs, but there will be a random string added to the file names so they would be almost impossible to guess. Meanwhile you can disable the attachment indexing, then guessing the URL (along with the month/year) would be the only way to access the file.Cyberbee 3 months, 2 weeks ago
In the interest of the community here is a workaround which I hope will help others:
Install the ‘Attachment Pages Redirect’ Plugin, or the use Content control plugin to limit access to each attachment media you want to protect.
Also, consider using code or SEO plugins for no index and no follow of attachments.
My concern was more from somebody scanning and crawling the website and not much from guesswork. Hope these measures would help with that?ihor 3 months, 2 weeks ago developer
Thanks for posting the solution! Yes, if you disable indexing and there are no public links to these files then guessing is the only option, scanning will not work.
You must be logged in to reply to this topic.