First of all I searched now for several days and found not a direct answer to: How to protect hotlinks to all files stored in /wp-content? Scenario: aMember 4 (setup with new-rewrite) protects a gallery post(!) so every visitor get's a redirect to sign up. The customer signs up successfully and comes back to the post which can be opened now. Now the customer saves all the direct content links (example: http://www.domain.tld/wp-content/image.jpg) and logs out. Question: Is the customer able to use these hotlinks to open them without logging back in? If so, aMember would protect actually uhh, nothing.
In wordpress aMember protect content of post (text) but not 3ty part asserts. To protect your images you need to protect folder with it at aMember CP -> Protect Content -> Folders
This will cause a problem; The free preview even the logo of the website and every graphic embedded in the website needs a signup first which will no customer do because there is a destroyed text only website without preview content. How about a deeper aMember integration into Wordpress? With a post related protected file list instead of blocking an entire folder which contains free graphics, images and photos too. Wordpress can only manage one content folder yet but Wordpress knows which content is linked to the exact post or page and stores the information in the database somewhere.
You can submit feature request at http://bt.amember.com/ Right now I recommend to save paid and free assets in different folders and protect folder with your paid assets. You can create folder for paid assets outside of wordpress and upload file to it with FTP then just use link to this images in your wp posts/pages. This external folder you can protect with aMember.