our Music Store files was downloaded without permission

Hi,

Could you send me through my support page, the URL to the website that has been pirated, please?

https://wordpress.dwbooster.com/support

There are some tips to prevent the unauthorized downloads of your audio files, when is used the free version of the plugin.

– With the free version of the plugin you should select the file for selling and the file for demo (the pro version of the plugin generates the file for demo dynamically), for each song of the store, you should use two different files, because the file for demo is accessible from the browsers. If the names of the files for demo, and the files for selling, follow a pattern, would be very easy to identify the audio file for selling, and download it without purchase the song. My recommendation would be to upload the file for selling to a specific directory, and protect this directory with a .htaccess file to prevent the access to the directory from the browsers.

-Enable the option to make the store safer. This option ask to the users the email address used to purchase the plugin, each time the user try to download the purchased file.

– It is possible limit the number of downloads by each purchase, and maintain active the download link by a time period only.

Best regards.

Thank you so much for your quick reply. We using a paid version 1.0.1. of the Music Store plugin and doing everything to keep our store safe…
Are there a some other tips to prevent the unauthorized downloads of our audio files for the paid version of the plugin?
Love and Light,
Irmina Santaika

Hi,

If you want a complete protection of your audio files, you can upload your audio files to a directory protected with a .htaccess file (to prevent the access to the files from the browsers), but in this case you should upload the files to this directory directly through FTP, and entering the absolute URL (https://…) to the files for selling, directly in the corresponding input field in the product’s edition, because the files are not stored in the “Uploads” directory of WordPress.

Best regards.

A very confusing your answer… May I ask you to put it in more simple language.
Thank you,
Irmina Santaika

Hi,

I’m sorry. By default WordPress uploads the files to the “/wp-content/uploads” directory, our plugin always tries to hide the URL to the original files, it copies the purchased files to a special directory called “ms-downloads”. The “/wp-content/uploads” is not safe, and an user can download the files from the “uploads” directory, if they know the complete URL.

So, you have two options, protect all audio files in the “uploads” directory, or storing the files for selling in a different directory (that is the case I’ve explained previously). If you upload a .htaccess file to the “uploads” directory, with the following content:

RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_FILENAME} ^.*mp3$
RewriteRule . – [R=403,L]

The accesses to the mp3 files in the uploads directory, and sub-directories, are denied.

Best regards.

Thank you very much dear codepeople for your support!
Love and Light,
Irmina

RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_FILENAME} ^.*mp3$
RewriteRule . – [R=403,L]

this code is not working at my end. ineed to restrict the audio and video file access only from within my site

Hi,

The .htaccess is a powerful configuration file for use on web servers running the Apache Web Server software, but the instructions to use in the .htaccess file depend of your server. Please, visit the following links for the htaccess documentation:

https://htaccess-guide.com/
https://httpd.apache.org/docs/current/howto/htaccess.html

Best regards.

hello good night, on my website you had sent me to put the x permission to download the demos without A LICENSE … and then q updated stopped working as I leave the demos to download? : /

Hi Gel Jefferson,

I’m sorry, but I don’t understand exactly the question. The audio files used by demo cannot be protected because they are sent to the browser to be used in the player, and all information sent to the browser is unsafe. If you are using the pro version of the plugin, it is able to create a truncated version of the file to be used as demo.

Best regards.

Hi, we recently reached out to you about this problem because the .htaccess solution did not work. You were kind enough to respond to my email about it with recommendations to us your new version. THANK YOU! It works great. I really think that your customer service approach is excellent!

Love & Light
Irmina

Hello,

We would like to know more about this topic.
We are going to buy the plugin for our customer, and they have hundred of songs and they don’t want undesired downloads.

Questions:
—is there a way to really protect those files in the “upload” folders?
We need to keep using the uploader from the admin – not to use FTP since the website will be handled for our client and they don’t use FTP, just through the website admin desktop.

—What was the solution for customer Irmina Santaika?

Thank you!

Not sure how you can protect the files if you put them in the Upload folder.
One of the solutions initially presented to us was to use a .HTACCESS file
to protect them – it did; no one could steal them, and no one could buy
them. Here was our eventual solution:
1. We used a plug-in (several of them out there for WordPress) that would
prevent unauthorized viewing of our file structure.
2. Created a new folder to store our files in so that they wouldn’t be in
the vulnerable upload folder.
3. Installed the latest version of this plug-in.

So far, we have been secure.

Thanks Irmina, so kind from you to take the time to help with this.
I will write down your solution and have it ready in case I need to use it.
I guess you mean the “Secure Folder” plugin which prevent unauthorized browse & copy files.

Thanks.

Spacer Design, you’re very welcome ??
On our website we use only Secure Folder wp-content/uploads and Wordfence Security plugins.
Love and Light,
Irmina