Not for the next release, sorry. We're too busy with other changes now.

This would be incredibly useful for our organisation, and it's a real shame Wild Apricot can't store files more securely.

The most important feature for us is restricting public access to files for specific membership groups. We don't have many admins so we can trust them not to wildly delete files without permission.

At the moment, I understand that files won't appear in search enginers, but they are still publicly accessible (people could share the links to the files with anyone). This is not appropriate for confidential information - such as minutes of meetings and financial records - and it would be very useful to be able to hold this type of information centrally where only certain people can access it.

For us, it would ideally work as follows:
* An admin uploads a file to a special 'private' folder.
* A new type of 'functional page' could be added to a restricted acces section of the website that automatically lists the contents of this folder, sorted by title or date or whatever.

* Only members in a particular group (e.g. board members) can see this page, and the files linked to.

We really hope you can work on this feature for the next release!

Kimberly, just to clarify: one link posted somewhere on a public page can not expose all of your documents, it would only expose that particular file. There is no link that would lead to the whole library of your files and allow Google to crawl and index it. They will only index specific files linked from publicly posted links.

Thanks for the quick response!!

I'm primarily concerned about a search engine parsing our site. I don't want to go to Google, for example, and find our Pledge Manual. We expect our members to download the files, so that part's okay.

We can follow your suggestion about links and the naming convention for now. However, It only takes one link, from one content manager who doesn't know the "work around" to expose all of our docs.

I hope the WA team seriously considers moving forward with this enhancement.

Thanks again,
-Kimberly

Hi Kimberly,

Thanks for posting. I have merged your posts into existing thread.

Quick comment for now: your files can now be accessed only if somebody knows a direct link to a particular file (and if that link is posted on a public page, search engines would index the file). So if your files are named in a non-obvious way and you only link to files from member only pages, there is no way for unauthorized people to access them. The exception of course is if a member shares a link with someone - though you can't really prevent this since anyone who has access to file can download and forward it anyway.

Hi,

We set up a trial site to determine whether or not to migrate my sorority's website to Wild Apricot. We were VERY excited to see all of the functionality for managing membership, events, eblasts, etc.

We were ready to allocate funds to purchase the subscription until we discovered that there is no way to secure files. Our financially active members needs access to sensitive organizational info such as financial reports, national policy/procedures, and rituals.

I would suspect that any group / organization that has paid members has a need to secure their content.

Please let me know if there is a plan to address this gap and timing for implementation.

Thanks,-Kimberly

Hi,

We set up a trial site to determine whether or not to migrate my sorority's website to Wild Apricot. We were VERY excited to see all of the functionality for managing membership, events, eblasts, etc.

We were ready to allocate funds to purchase the subscription until we discovered that there is no way to secure files. Our financially active members needs access to sensitive organizational info such as financial reports, national policy/procedures, and rituals.

Please let me know if there is a plan to address this gap and timing for implementation.

Thanks,

-Kimberly

I agree that this would be extremely helpful functionality, particularly if one is using Wild Apricot for groups or committees to work together and/or as one's main website.

Just FYI: they can only be found by Google if someone posts a link to then on some other public webpage.

This is a huge issue for us: we have documents that are available free of charge to members, but for which others have to pay (a lot). We have just discovered that they can be found using Google...

Clearly, we will restructure the document storage and ensure that there are no public links to the new locations: but this is really very disappointing.

Of your options, '1' is the big one. '2' is vastly less important.

Google can't find them if you do not link to those documents on public pages. Google can't guess their URLs - instead their crawlers follow the links from pages they already have access too (start from site homepage, follow links from there)

Wow, the reality is files are not securely stored. It means Google's search engine will find our pdf documents, Word files, and Spreadsheet and list them in search results.

There needs to be a place where no one but those who have been given access can download files. On a standard website, this is done by creating a folder for files inside another secure folder.

Until Wild Apricot does provide secure storage of files, what is a work-around that you are using?

Both are important - which ranks higher depends on the organization.

For us the later is least important in the short term but....

Let me summarize: we are talking about 2 kind of restrictions to the files:

1) On public/member side of the site:
When an admin added file link to the web pages, this link should be available to only specific groups of visitors. And even if the visitor allowed to download the document would copy the link and send to somebody else, this person will not be able to open the file.

2) On admin part site:
Not all admins are allowed to add/view/delete all files. Some admin should be restricted to only specific number of files (folders). This allows to keep files that are available only for full site admins and admins with partial admin access will not be able to view/delete or download the files.

Are both points important? Or only first one?

I agree - our association would also like to control file content at the folder level to logged-in members only. (For example, document downloads.)

I sell information. The most modern way of doing that is through audio and video, but there isn't enough space here to do that without linking to youtube (which isn't membership protected) or going off site. It's enough of a bother to keep me searching for another member management service. :(

Not to mention that it took me 2 hours to figure that out. Linking audio and video isn't difficult to do. I just assumed that that would be a part of this program too.

I definitely support this. On one of the marketing pages, the sentence "Easily upload PDF documents, Microsoft Word files and Excel spreadsheets into the secure members-only section." definitely implies that documents are secure.

Was not impressed by tech support telling me that there is no WA search engine - one would have to use a third-party public search engine. Most people use google, etc. very well.

Really disappointed in this. Looks like we will be investigating migrating all board documents (3 years of PDFs) to our restricted googles group.

Restricted file access within the members-only area is of highest priority to my organization.

In fact, we bought into this system based on, among other things, the statement found in your website that (WildApricot does) "Provide secured access to members.
Create web pages with premium content accessible only to your members - industry research, best practices and more. Easily upload PDF documents, Microsoft Word files and Excel spreadsheets into the secure members-only section."

We would hope to see this feature implemented in the very near future.

We also have board-sensitive and members-only documents that we want to distribute via our web site with access restrictions. webDAV would be interesting, but access restrictions over http is the key feature for us.

A secure file storage area would be a huge benefit to our organization where we change officers every year. If there was a secure area, our board members would save files in the secure area as they work on them. Right now we have a restricted access area for our board members and this has helped improve the transition.

If this restricted access area could have a folder associated with the restricted area that any file placed in this area could only be accessed by users that are granted access to the restricted access area. When using the file browser tool the secure file should be differentiated with the padlock symbol or something similar identifier. This secure area should be accessible through webDAV based on username & password.