What are the tightest permissions that can be used for the folder: wp-content/plugins/wp-easycart-data/products/downloads/ without interfering with the function of the cart itself?
When it's set to 755, the entire planet can go to the download folder in their address bar, save every single downloadable product at an effective price of $0, and bypass the cart entirely. The entire product line is simply listed there with links to the whole directory for anyone who chooses to do so. For physical products it would be no problem. For downloadable ones, it's terrible.
Are permissions the best way to combat this issue, or should this be approached a different way? If so, what should that way be?
When it's set to 755, the entire planet can go to the download folder in their address bar, save every single downloadable product at an effective price of $0, and bypass the cart entirely. The entire product line is simply listed there with links to the whole directory for anyone who chooses to do so. For physical products it would be no problem. For downloadable ones, it's terrible.
Are permissions the best way to combat this issue, or should this be approached a different way? If so, what should that way be?
Comment