For starters, if you have not already done so, read the [FAQ] Twonky DLNA Media Server Setup & Use if one is using the WD My Cloud to stream content to DLNA clients. It is generally recommended NOT to put media content in the main “Public” Share folder even though the WD My Cloud User Guide recommends it.
If one is using DLNA to stream then one can put their content into Private Share folders. So long as Media Serving is active on a Private Share the media is accessible to all DLNA clients on the local network.
If you do not have any users connecting remotely, as in outside of the local network, to the WD My Cloud then one can disable Remote Access to try and block remote access from outside the local network. The down side is it may or may not affect local network mobile users who use the WD My Cloud app and WD Photo app to connect to the My Cloud device on the local network. Disabling Remote Access does not appear to affect local network DLNA access to the Twonky Media Server which is embedded into the WD My Cloud. Nor does disabling Remote Access affect the use of file manager software on mobile devices (like ES File Explorer on Android) to access the WD My Cloud on the local network.
The Remote Access option on the WD My Cloud Dashboard does include the ability to manually configure the ports the router uses forward traffic to the WD My Cloud from outside the local network. This WD Support link has more information: How to enable port forwarding on a network router for use with a WD My Cloud, My Book Live, or My Book Live Duo
The bottom line is that the router is what is letting traffic through from the internet to the WD My Cloud provided the WD My Cloud is behind the firewall. There are a variety of steps one can take on the router; from disabling UPnP to forwarding ports to dummy IP addresses, to blocking outbound IP address port or communications, to try and block internet traffic inbound through the router to the WD My Cloud. The way to have true security for remote non local access to the WD My Cloud is to implement a VPN tunnel into the local network and configure the router’s firewall to block all Internet communication to the WD My Cloud so only VPN traffic to the local network will be able to access the WD My Cloud remotely.
On the local network the Public Share folder will always be visible and accessible to all unless one changes the permissions on it either via SSH or turning off Public Access on the Share folder.
