To protect files from users that have no access, Poppyz has a dedicated directory on which files are uploaded. For Poppyz to know which users have access to an uploaded file, the admin should upload the file on the course or lesson itself using the Add Media button:

For Divi, the Text module’s Add media button will work as well:

It should be enough if your server is using Apache, but for Nginx the following should be done:

Protecting your files on Nginx

To protect your Poppyz files while NginX, you must locate where your server{} block lives and add the following line (or ask your hosting provider):

location ~ ^/wp-content/uploads/poppyz/(.*?).zip$ { rewrite / permanent; }

Manually Configuring the Redirect

If you are on a self-hosted VPS or other hosting account, you may need to modify the redirect rules in the server config directly.

If you are manually adding the redirect to your server config, it will look like this, if option 1 doesn’t work, try option 2:

# Option 1:
rewrite ^/wp-content/uploads/poppyz/(.*).zip$ / permanent;

# Option 2:
rewrite ^/wp-content/uploads/poppyz/(.*)/(.*).zip$ / permanent;