I want to restrict access to some files uploaded via the admin interface but I cannot rely on the ability to use .htaccess (could be turned off, or they might be using a non-apache web server). I cannot rely on having access to a folder outside the web root, so is there either a directory protected from viewing in wordpress or some way wordpress enables writing files that cannot be viewed publicly?
Is there a directory my plugin can write files to that cannot be viewed via the browser/url?
