Protect the download links after purchase???

Viewing 9 replies - 16 through 24 (of 24 total)
  • Plugin Contributor Pippin Williamson

    (@mordauk)

    Use this contact page (be sure to reference this ticket): https://easydigitaldownloads.com/contact-developer/

    Thank you, I sent the link.

    Plugin Contributor Pippin Williamson

    (@mordauk)

    Sorry for the slow reply.

    Go to Downloads > Settings > Misc and check the box for “Enable Symlinks”.

    Does that fix the issue?

    the download links in the emails i receive are fine, they do not show the real path.
    however, if anyone spots the use of EDD, and works out the path to the /uploads/edd/YYYY/MM directory, it’s quite easy to download a file directly.
    not sure if/how that’s achiavable, but is there any way to protect the EDD directories from direct download?

    can anything like this work?
    https://stackoverflow.com/questions/5377117/best-strategy-to-protect-downloadable-files-php-mysql-apache2-server

    Plugin Contributor Pippin Williamson

    (@mordauk)

    Sorry for the delay on this. That stack exchange post is actually quite similar to what the “Enable Symlinks” option in Downloads > Settings > Misc does.

    Plugin Contributor Pippin Williamson

    (@mordauk)

    This issue has been completely resolved in EDD v1.6.

    uhm… not sure about it… unless i’m missing something obvious…

    if i type the complete path /uploads/edd/YYYY/MM/filename.ext, i can still freely download the file.

    whether that path can only be worked out by the site admin or can be revealed during download, i’m not sure, but it hits the file directly.

    and i can’t see the “enable symlinks” option in settings>misc: is that the “Download Method” with “forced” and “redirect” as options?
    if so, which one shoul i enable?

    Plugin Contributor Pippin Williamson

    (@mordauk)

    The “Download Method” option Downloads > Settings > Misc has to be set to “Forced” in order to file protection to be in place. Once you change that setting, it will create a new .htaccess file with the following rules:

    Options -Indexes
deny from all
<FilesMatch '\.(jpg|png|gif)$'>
Order Allow,Deny
Allow from all
</FilesMatch>

    If for whatever reason that file does not get created in wp-content/uploads/edd, you can easily create it.

    Note, the “Forced” download method does not work on 100% of servers. It almost always does, but there are exceptions. When it doesn’t work, the method needs to be set to “Redirect”, which does not have as good file protection. The Symlinks option is only available when the method is set to Redirect.

Viewing 9 replies - 16 through 24 (of 24 total)
  • The topic ‘Protect the download links after purchase???’ is closed to new replies.

Tags