From the subject line, it sounds like you have already picked a technology (WordPress) and are trying to jam your needed functions into it. If I understand your needs, I suspect that you'll have to roll your own system using PHP and a little MySQL. First, security is paramount -- you want customer files stored on the server side in a place where they can't be reached from the public Web (not under public_html/). That should certainly be possible using PHP. You'll want to have all uploads and downloads protected by SSL (https:) to minimize snooping. I wouldn't be surprised if there were industry or even legal requirements on information security, much as there are with medical data. At the least, your industry group (and some customers) are going to want to know what security measures you've taken.

Uploading a customer file to their own directory on the server should be simple enough. Assume your customers don't even know how to spell FTP. I would use HTML forms and PHP code to upload. Use a non-obvious directory name (something randomly generated, and associated with the customer in the database) as an extra layer of security. Downloading files could be a bit of a puzzler. You probably want to find a way to download customer documents to a specific directory (such as where they came from originally) -- you don't want customers complaining that their vital data is being dropped all over their PC in random places, as that will scare them. A simple link to a file on the server means 1) the customer could end up downloading it just about anywhere, and 2) the file has to be temporarily placed in a publicly-exposed (under public_html/ place, and removed later (a security risk). The problem is that the HTML (Web) structure makes it easy to upload files to the server, but doesn't make it easy to download files to a specific place on the PC (it places that under user control). At the moment, I can't think of a way around it.

Each customer will of course have some sort of ID, and a password to control access. Some bank web pages demand several levels of password/PIN authentication, and even the use of a graphical (glass) keyboard to type in one of them with a mouse. Watch out that you don't violate any handicap-accessibility laws when adding such extra security! I would have at least one level of document backup on both ends, in case a customer botches an edit or accidentally erases a document. It would be easy to notify via PHP mail() the admin when a customer uploads something, and the customer when the admin changes and stores a document (using their own web interface similar to the customer's).

On the customer side, when documents (of all kinds) are in the expected directorie(s), they will use the normal "Office" type programs to view and edit them (spreadsheet, word processor, etc.). You may want to place limits on what kinds of documents and what version numbers you allow, so that your admin can successfully operate on these documents. At the very least, recent levels of MS Excel and Word, and OpenOffice Calc and Write, would be needed.

As I said, this doesn't sound like something you'll find pre-written, at least not in Fantastico. The good news is, that except for the matter of downloading files to a specific place (no matter how inept the customer is at using the File Download pop-up), nothing here should be too complicated. It will just take a lot of care not to overlook some security-related aspect.

MrPhil,
Thanks for the great response. You've outlined some very interesting ideas and guidelines. This file management / security issue has been brewing for a couple years and has now become essential. Since the tax season is starting, and I need more lead time to implement your ideas, I'll probably go quick & dirty with file encryption and email transfers, for now. When a file arrives in a client's email they "should" be more likely to keep track of it.

I'm considering an encryption solution by Arten Science called R10Cipher. They offer cross-platform, bulk licensing so clients can encrypt files at their end, too. I expect some issues with clients learning encrypt/decrypt files, but I guess that'll be true for whatever solution we adopt.

----------
wektech,
I hadn't considered on line community software, interesting idea. I looked briefly at the SMF web site and manual but didn't immediately find any info about secure transactions for file upload / download. I'll need to spend more time looking.

I'll want to play with it some to get a feel for the administrative time required for lots of client accounts.

Thanks for the idea!

Hello, I'm interested in something similar, a wordpress based document server.  Any new developments from the originating post in this thread?? would love to find something work with my wordpress users

thanks!
Dave