I noticed the following: In the form there is an option to upload files. These are saved in the /wordpress/uploads/qform/ directory. The directory is not protected and theoretically you can access it from outside. How can I prevent this?
And: If I click, “don’t save to server”, I thought the file would be sent as an attachment via E-Mail. However, nothing happens here. What I’m doing wrong (only the name is displayed in the email)?