- This topic has 8 replies, 4 voices, and was last updated 14 years, 1 month ago by
.
-
Posts
-
Hi
Recently I sent an email for an estore update request which I received. The email told me to delete the eStore plugin and reinstall the new update which I did, and all worked out fine.
However, what I noticed was that my mp3s could not be found when I clicked on the sample play button on my website stating ‘file not found’!
The folder that housed my mp3s is gone! The folder that housed my mp3s sat in a folder ‘mywebsite.com/………wp-cart-for-digital-products/…………………..
3 questions then.
1. Should the folder that houses my mp3s for digital downloads sit within the ……wp-cart-for-digital-products………folder?
2. If so, does this folder get deleted every time I do an eStore update?
3. If so, should I house this folder outside the wp heirachy, say, many encrypted levels down the public html folder? Please help? Claude
1a. There is nothing preventing you from keeping the folder that houses your mp3 files in the wp-cart-for-digital-products folder. HOWEVER…
1b. It is a “best practice” to keep the files someplace else, to prevent accidents like this from occurring.
2a. If you do your upgrades by simply overwriting the existing (old) files, your mp3 folder is unaffected.
2b. If you are a neat-nik like me, who likes to keep things pure and simple by deleting old stuff, then you must either keep your mp3 directory someplace else or be very careful of what you delete.
3a. As per “1b,” it is a best practice to keep your data (mp3 folder) in a separate directory. It can be at the top level (www.example.com/stuff) and will still be protected by the encrypted links. Don’t call it “mp3s-4-sale” just “stuff1,” “stuff2,” etc.
3b. You can also name the folder “.stuff” (prefix the name with a period) to make it invisible to casual drive by browsing. For “extra protection,” create an “.htaccess” file in your mp3 folder (***NOT THE TOP HTML DIRECTORY***) that contains one line:
Options -Indexes
That way, even if someone stumbles across the folder, they can’t see what’s inside; unless they start guessing at the file names.
As a suggestion, the safest way of replacing a plugin directory is to first make a backup, before deleting it:
zip plugin.backup.zip plugin
rm -rf plugin
mv plugin.backup.zip old.plugin.storage.directory
I hope this mishap was something you were able to recover from.
P.S. I found the upgrade instructions you most likely used:
http://www.tipsandtricks-hq.com/ecommerce/wordpress-estore-installation-and-usage-guide-31
And it says…
“If you haven’t stored the downloadable files inside the “downloads” directory of this plugin then you can follow this method of upgrade… * Delete the current version of the WP eStore plugin from the Plugins menu.”
Perhaps Amin or Ivy should edit the instructions to read “…haven’t store the downloadable files anyplace inside the wp-cart-for-digital-products directory…”
@wzp, Thanks for the suggestion. Updated the instruction.
Thx for that info – I have changed folders. I did create a .htaccess file and put it in the folder that holds my mp3s, but how do I create a line:Options -Indexes
Use your favorite text editor. Inside the .htaccess file, the one and only line should be:
Options -Indexes
PLEASE REMEMBER, this is the .htaccess file in your mp3 directory, not the one in your site’s root directory we are talking about.
FYI the .htaccess can be in the main folder and it will stop all folders from displaying.
You can open the one that is installed with WP and below what is already in there just type: Options -Indexes
You should also protect the folder from being indexed by search engines or at least the ones that obey the rules with a robots.txt
Ok I was able to open the file with the editor and type Options -Indexes.
So let me confirm. This .htaccess file I’ve created sits IN my folder with all my mp3s. Is that where this file should be, or in the folder preceeding my mp3 folder?
This .htaccess file is a text file yeah? I just went to my cpanel and clicked on New File and named it .htaccess – is that it?
PS there already is a robot.txt file in my root folder. Whether it was created by wordpress or my hosting company, it’s there.
The “.htaccess” file, we have been talking about, should be INSIDE the folder containing your mp3 files. It is a text file, but its name is “.htaccess” NOT “.htaccess.txt” or anything else, just plain old “.htaccess” (without the quotes!).
If your site already has a robots.txt file, then you should just add the appropriate “Disallow” lines to it, so as to disallow access to your mp3 folder.
@uNeedStuff — The reason I specifically recommend an “.htaccess” file for the folder containing downloads, is to reduce the risk of problems, should someone later edit a higher level “.htaccess” file, by creating multiple failure points in the security architecture.
Large retail stores, such as Walmart, are a good analogy of what I mean by multiple failure points. They rely on CCTV, anti-theft tags, store detectives, and locked cabinets to prevent theft; not just the “greeter” at the door.
Also, it reduces the amount of damage someone could cause; by changing something else that they shouldn’t have
- You must be logged in to reply to this topic.