Important information

Because of the certificate for the TWINT plugin being saved inside the plugin directory it is important that you prevent direct access to the directory /wp-content/uploads/mame_twint inside your WordPress installation. After activating the plugin and uploading the certificate (see 1. Settings in the TWINT portal) you can enter the URL (replace to check if the certificate file is accessible. If you get an error everything is set up correctly. Otherwise read on.

Server settings

Depending on your server you will have to make different settings. Please ask your host which settings below apply. In the case of uncertainties we recommend our installation service.


Make sure that inside the Apache config file of your Server AllowOverride All is set. If this is the case no further steps are necessary. Usually only the webhosting company can change these settings.


Add the following restriction to the nginx configuration of your server:

location /pfad/zur/website/wp-content/uploads/mame_twint {
deny all;

Replace  /pfad/zur/website with the path to the WordPress installation.

Other servers

Activate the directory protection for the directory wp-content/uploads/mame_twint in your WordPress installation. On some hosts this is possible directly out of cPanel.