CM Download (CMDM) - Troubleshooting - Protecting The Upload Directory With a .htaccess File
Protecting the upload directory with .htaccess file
This is an advanced topic. If you are not comfortable editing the file, please contact your server administrator or web host.
The uploaded files are stored in the default WordPress' directory: wp-content/uploads/cmdm.
If you want to protect those files from sniffing by web robots and you're using Apache HTTP Server you can create a .httaccess file in the uploads/cmdm directory that will tell your server to not serve those files.
Notice: .htaccess file works only on Apache HTTP Server.
Order Deny,Allow Deny from all <FilesMatch "\.(?i:jpg|jpeg|png|gif|webp)$"> Allow from all </FilesMatch>
By using the FIlesMatch section you can specify which files extensions will be still available through the web browser, if you need to provide a preview or a player on the download page.
Add your own extensions (pdf|doc|docx) if you want to preview those files.