By default temporary files Gravity PDF creates are stored in the
tmp folder inside the PDF working directory. As we discussed in the PDF security documentation this directory is protected from direct access by a
.htaccess file. However, this only works for web servers running Apache or Litespeed. This filter allows you to move this folder to a private directory that isn't accessible from the web, ensuring your PDFs stay private.
Your web server needs write access to the folder you move this directory to.
Do you host with WP Engine? Instead of using the filter below, to protect your PDFs you will need to setup a Redirect Rule in your control panel. Set the Source to
^/wp-content/uploads/PDF_EXTENDED_TEMPLATES/tmp/.* and the Destination to your home page.
$path | string
- The path to the
$working_folder | string
- The working directory folder name. By default this is
$upload_path | string
- The path to your uploads directory (where the PDF working directory is stored by default).
The following snippet shows you how you can move the PDF temporary directory to a private folder that's not accessible through a browser:
Once you've verified the filter works correctly, you should manually remove the old directory.
This filter is located in the
Model_Install::setup_template_location() method of