- This topic has 3 replies, 2 voices, and was last updated 13 years ago by
.
-
Posts
-
Hi
i understand that when I upload an mp3 via the media library Media tab, the URL is:
http://mywebsite.com/wp-content/uploads/image/etc.mp3 (the mp3 ends up in the media folder on my file directory).
I know that the digital download that customers receive when they purchase is encrypted, but from what I’ve read, shouldn’t the ‘image’ folder where the mp3 gets uploaded to, have a .htaccess and .htpassword file within it?
Thx
Please I need a response as I can’t proceed with building my website.
Thank you.
It’s ok I’ve worked it out.
When I copied the above URL and pasted it into a browser and changed the song title (to another song I had in my media folder), it found all my mp3s without issue. AllI had to do was change the name of the song within the URL and I was in!.
I was able to download/steal my own mp3 easily to my desktop, so a hacker could easily do this.
If a wordpress user knows that files or ebooks or mp3s will be stored in this media folder, and you crusie through a website, just noting the name of the download and changing the above URL to suit, you can gain access to someone files. It’s okay to have an encrypted download link, but the folder must be encrypted also.
I put a .htaccess and .htpassword file in the media folder, then typed the URL into a browser and it asked for my username and password – now the folder is protected!
This may come as a warning to all wordpress users.
If probably haven’t read this thread that explains this in details:
https://support.tipsandtricks-hq.com/forums/topic/download-directory-protection
- You must be logged in to reply to this topic.