A) The best you can do is look through server logs, if you have access to them. You would have to comb through the logs and you can then find what IP addresses have requested certain files. If any are from human visitors then yes, their web browser has downloaded the file to a cache. Most users aren’t savvy enough to comb through their cache to save images but it is possible.
B) There are several steps to secure the folder.
Step 1: add a .htaccess file right in the /wp-content/ folder. All it needs to contain is
Options -Indexes
That way if someone visits http://example.com/wp-content/ they will not see a list of files to peruse. The file applies to this folder and any subfolders so you’re covered from that angle.
Step 2: discourage search engines from indexing images. Edit your existing, or create a new, robots.txt in your root folder so it is available at http://example.com/robots.txt:
User-agent: Googlebot-Image
Disallow: /wp-content/
This will tell Google not to show any of the files in search results. You may also want to block other search engines – you’ll just add multiple user-agents with the same rule.
Step 3: You should look into other membership plugins as ideally the membership plugin should control access to the files themselves. There are various methods to make the files only available through your server, such as actually moving the content to a folder outside the public html folder and then serving it via PHP, and it really depends on your plugin setup which method will work best, but it’s simplest if the member plugin itself handles this part for you.