I have a site in Wordpress that has a PDF link for download that is currently on a password protected page. I am wondering how I can prevent that PDF from being downloaded if someone happens to get the direct file path url for that PDF. Is there maybe a plugin that would help? The site is on AWS so I can't change the .htaccess file as I've seen most people suggest.
The standard approach with AWS is to host your files on S3 and use S3 PreSigned URLs with an expiration.
From your protected by password pages, generated presigned urls in place of the regular download link. Then protect your S3 bucket by making it NOT public. The presigned url will be required to download the file.
A Google search will turn up lots of examples with source code on how to do this. Very easy to do.
Creating a presigned request
Related
I have launched a WordPress site for a private group of people. This site serves as a public representational site, but also they make "posts" with "Private" checked, so only logged in users can see those posts. Everything would be OK, but they also upload image/document files and attach/include them to private or public posts. All is OK with public posts, but when the file is used in a private post, we assume the file is confidential. But here WordPress allows accessing any uploaded file directly via a link (URL), even if you're not logged in to the site from the browser.
I tried searching but can't find something that would actually work. Even FB private groups have this file access restriction for outsiders, GitLab also has permissions, where if you are not in a project, you can't access ANYTHING that's there. It seems like if I used WordPress/Joomla/Drupal, it would be hacking/messing around to achieve what I want.
Do you have any suggestions, maybe to access uploaded files through WordPress (PHP) and not directly via web server, so via PHP I could make some SQL queries and check in what posts that file is included and whether the user is logged in? Also maybe there are some plugins that do exactly that?
P.S. I wouldn't be asking if I knew WordPress in-and-out, but in this case, I just launched it more or less.
One option to fix this problem is to store the file contents in the database as a blob. This could be problematic if the files are large, however, as you predicted: you can ensure that the recipient is authorised before delivering the content. Another option might be to move the file when the post is saved so that it can't be accessed directly at the http endpoint.
In either of these cases, you might then use .htaccess to redirect any GET requests for files within that directory to a new php file that delivers the content. You can check to see if the user is logged in before delivery using standard WordPress function, and/ or pull the content out of the database on the fly. These options require custom code to achieve.
(Is the file being checked for malign content, and the filename being changed to something non-deterministic, by the way? This is a vector for attack.)
If you don't wish to code, you might consider a parallel installation of ownCloud or NextCloud and then in the private post, your users place a link to the file within the other service. Both of these applications provide a number of different clients for various devices, as well as the ability to restrict access to specific groups and users.
I needs to disable direct access of my uploaded PDF files
I used Password Protected Plugin for website , But unable to protect my pdf files
I also tried with nginx
Plugin sometimes not works well with the documents.
So, If you want the password-protected PDF then make the PDF security with a password and after upload it in the upload folder. So it will be not accessed without the password of PDF.
I have some zip files uploaded in my public_html folder and the following links are not working:
http://www.indragni.com/android/TimePickerSample.zip
https://www.indragni.com/android/TimePickerSample.zip
However when I use the following URL, then it works:
indragni.com/android/TimePickerSample.zip
I have 400 videos on Youtube which use the first link type. It will be lot of hasstle to fix them all one by one. Is there any setting in wordpress or inside cpanel etc where I can make the files to be downloaded even after usig http or https in the front.
I have SSL enabled on my website.
A complete WP newbie here...
I want to upload file to the WP site, so users can download it.
From what I see, when uploading to WP, the file gets a long URL which includes wp-content, date, etc. I want it to have a short, permanent URL, ie:
www.mysite.com/setup/setup.exe
How can I do that?
Please note this question applies to only one or two files on my site, the rest of the files (images, mainly) can continue use the same URL scheme.
Thanks!
Create a folder in your ftp where the site is hosted, call it Download then your file will be available at: www.mysite.com/download/file.me
hello i am trying to do this
i need to integrate a wordpress plugin so that when user uploads any video to my wordpress site it directly uploads to amazon s3 and when i need to use that video it gives me the url or automatically redirect to amazon to load the video
when user enters a url then the file uploads to local server and then immediately uploaded to s3 and the file is removed form my server, it is because the amazons3 do not allow remote files to be uploaded directly
ok for all of this is there any plugin? i found some but they allow this form there own interfaces but i need to do is when ever file is uploaded it directly goes to s3 and no other operation is needed to do this
if no plugin then please any tutorial for how to do this will be helpfull
it should be fully integrated with my wordpress theme
regards
This plugin will do the job http://wordpress.org/extend/plugins/tantan-s3/ for any uploads.
If you want to upload theme files to s3 you need to do that manually.
There is this plugin here: http://codecanyon.net/item/wordpress-aws-s3-browser/6470423 chekcout the live demo, I think it does what you need:
Demo: http://www.awss3.redwanhilali.net/?page_id=5#
this plugin can do the work for you perfectly.
http://wordpress.org/extend/plugins/download-monitor/