Lock bypassed with direct link

Everyone can access my locked content if they enter the direct link of the document in the address bar, like : https://my-website.net/wp-content/uploads/2023/06/example.avi This link is an example, not the actual one. You can access the locked content via /wp-content/uploads. I precise I use the Media Library Folders plugin.

Is something wrong with my settings to be able to achieve such a thing?

Could someone test it on their own website ? Is this a security breach ?

Non-image files cannot be locked through the WP plugin yet. If someone has access to the direct link of the video file like that, they would be able to view it. Try using some other plugin to protect the file directly and embed the video at your page so it can be viewed only in the page.

The videos are already embed in a locked page, nonetheless they can still be clicked on to get the direct link (copier l’adresse vidéo). Then the patrons can cancel their membership and subsequently access to it anytime. That line is the very problem. So no way to remove it from the right-click ? Any plugin ?

EDIT : I am unsure whether it’s an admin feature only or patrons can right-click too. No way to check the locked page mechanics by myself as a mere patron because the website forces me into the admin status.


Its not possible to prevent the users from getting the direct links of embedded videos if they know how to. To avoid that, you would need to upload your video to Vimeo com and allow embedding only at your site and Patreon while setting the video to not be viewable at vimeo.com.