I have a site running Wordress 2.9.2 with role scoper restricting most content to registered members only. There are a number of file attachments on the site that also need to be private and were till recently. I've upgraded to WP 2.9.2 and have upgraded role scoper to the most recent version and now (I'm not sure when this happened) if I enter the url of a pdf file that is attached to a restricted post, when I'm not logged into the site, I can see it.

When I set up the site originally I did some thorough testing to make sure these files could not be seen and I haven't changed the setup, so I can only conclude it's an issue with one of the upgrades (or upgrade of another plugin, I suppose).

I've been reviewing this forum and note that it appears the restrictions are done using htaccess entries?  Is there some way I can fix this quickly so my attached files are no longer vulnerable? What specificially is the correct code and which directory should it be in (home directory for wordpress or the uploads directory) My only other quick fix is to password protect my uploads directory, which defeats the purpose of having role scoper.

Thanks for your help,

Sophia