- This topic has 2 replies, 2 voices, and was last updated 12 years, 3 months ago by
.
-
Posts
-
Hi – I’ve searched the forum but can’t find anything specific to this so apologies if it’s already been covered.
My site is hosting PDFs, audio and video on a pay-per-download basis. I was using Amazon S3 for file storage as I think this is probably the best way to protect the content from cheeky people trying to guess download URLs. However I’d like to use the PDF Stamper feature and as I understand it for that to work the PDFs will need to be hosted on my server (not on S3).
What’s best practice for storage of the PDF content in this scenario? If I use the WP uploader it’s not exactly rocket science to guess the URL of my PDFs and therefore download them for free (/wp-content/uploads/2013/01/filename.pdf).
Do you suggest storing files somewhere other than /wp-content and using obscure file names that can’t be guessed?
I vaguely remember reading about storing content outside the /public_html location to protect it but I’m assuming that’s not an option?
Thanks in advance!
Andy
I think this pretty much covers it unless anyone has anything specific to add regarding PDF Stamper?
https://support.tipsandtricks-hq.com/forums/topic/download-directory-protection
You take a look at this post which will give you some handy security pointers.
https://support.tipsandtricks-hq.com/forums/topic/download-directory-protection
For instance renaming the folders in your uploads dir to something which is hard to guess is an easy start. Putting an empty/blank “index.html” is another easy thing to do. You can do lots of stuff but it really depends on how deep you want to get.
- You must be logged in to reply to this topic.