my idea was to create a site where photos can securely be uploaded and viewed by logged in users. There are many options (CMS, etc.) for this. What makes me feel uneasy is that many webhosts create automatic backups of files and then the unencrypted photos will be in there. It is not that I don't trust the admins but is there any way that uploaded files are encrypted so that only logged in users can see them? Thanks for helping.
Related
new here, don't know if I'm doing this right but thought I may ask here. I tell you about the project real quick.
I'm developing a WordPress and Woocomerce website where the product is to request several electricity contracts (some paid, others not) where the clients need to upload a number of documents for us to do said contract. We, the site admins, need to download the client's documents and, once they are greenlight, ready, confirmed, we will upload them back again for the user/client to download. Also, we need this documents to be accesible to the client via their My Account page.
I have struggled so much to find a plugin that does this. I've found tons of file management plugins but those show the root folder of the server and we don't that. Don't know if you guys can recommend me a plugin that does something like this. Maybe one that uses s shortcode? Any help is very much welcome!
So, I have an admin user on Wordpress, I can login, I can post, update, install plugins, etc.
But when I try to find my user name, or email on the database wordpress is using (in wp-config file), I'm not able to locate it. and mine is not the only user I'm not able to find in the database.
Now,I got to this discovery, because our wordpress site was hacked not long ago, I'm going through the files, and I see some random code on the top of index.php or other files.
I clean and get rid of this code, and files too ! ( aindex.php, ajax-index.php. etc.)
At some point in the middle of the night, some files is creating this files, and inserting this random code again. SO I need to do this everyday in the morning, otherwise the wordpress admin doesn't work. Any insight on this too, will be very appreciate it.
Anyway, it is possible that whoever hacked the site, is making wordpress to store new users on an external database ?
Thanks, any help will be appreciate it.
Note I'm using: Wordfence, WP security, Cerber Security, Defender, iThemes Security to help scan the files.
In relation to your first point, users are not stored in wp-config.php. They are stored in the database - you can access the database via your domain.com/phpmyadmin (depending on the database manager you're using).
Within the database tables you will find wp_users and wp_usermeta where the information you are looking for will be stored.
You can have a look at this page for some more information.
I have a membership website where I sell video content but I have found out that users are downloading the content. Although I had tried Amazon with cloudfront and firewall and now moved to vimeo pro, users are always able to download the content using various extensions for chrome or firefox.
Is there a way that the website can detect such extensions and prevent the user from accessing the website? Maybe an overlay with a message would do the trick.
The website is in Wordpress, so any plugin or code would be highly appreciated.
Thanks for your help!
The simple answer is that there is really no effective way to stop people downloading your videos, if you want them to be able to actually view them.
You can authenticate users and control access that way but even this does not stop authenticated users copying and sharing the video.
The usual approach is to accept it will be downloaded and use an encryption mechanism along with a key exchange mechanism which means that only people with the proper rights can see it - this is what the common DRM systems do.
Even with this, your protection level will depend on what you need to protect - if the video is an entertainment video and you just don't want people viewing it for free then this is likely a good enough solution for you. If your video contains sensitive information, e.g. company data etc, that you don't want anyone to know at all then even this won't stop someone simply pointing a camera at the screen and getting (albeit a low quality) copy.
I'm new to wordpress and I need to create a wordpress that allow the administrators to share information and files with users (word, excel, pdf, images, etc).
Each user will have a password and the files are only shared between the user and the administrator (there's no sharing between users).
Maybe that can be accomplished with a post or page targeted for every user. The user would have to be logged to access the page/post and should be able to add content and files. That way the files and info will be only shared between that user and the admin.
Is this a correct approach or there is a better way to do it?
Thanks
Gonzalo
WordPress Download Manager helps you in managing, tracking and controlling your downloads in a more efficient way. You can set access levels, you can add/embed downloadable files anywhere in the post by copying and pasting the embed code.
For more info :
http://www.wpbeginner.com/plugins/how-manage-track-control-file-downloads-wordpress/
I'm looking into building database driven websites based on opensource platforms in a sandbox area rather than having them accessible via the final URL until clients have paid up.
Is anyone aware of any problems this may cause with paths or functionality, or, know of any good articles on the subject?
many thanks
Shaun
There is no bad effect on functionality just because it is in sandbox. Generally, Joomla is almost location independent (untill and unless you are driving multiple websites from same joomla installation)
For security purpose secure the URL via .htaccess file (if more security required then setup a cron to update password every X hours, and email new details to user)
I would suggest having a cut-down, less privileged or demo account for signup users that can still enjoy the overall experience of your site without the full functionality of your killer-webapp services. "Restricting" them in a Sandbox area that is not even the actual site would not be as appealing and convincing as it could be for them to go from "freemium to premium" customers.
I develop all joomla sites on a local server and then upload to the production server once approved. In Joomla, when I upload the files to the production server, I usually need to change the mysql server as well and it can all be changed from the configuration.php file