- This topic has 13 replies, 3 voices, and was last updated 6 years, 12 months ago by
.
-
Posts
-
I need to be able to expire a download link after a certain number of downloads.
One way that hackers exploit digital downloads is to purchase with a stolen PayPal account or credit card, then post the download link on a pirate forum. In the course of a few minutes hundreds of downloads can happen.
Being able to limit the number of times an item can be downloaded helps detect and prevent massive losses by this method.
Likewise it would be important to also be able to reset the download counter so that legitimate customers who eventually hit the threshold could contact us and have the download counter reset.
If this is not possible, it should really be added for the sake of anyone selling a digital product with your plugin.
Ok I just found the “Download Limit Count” property and I see where that can help.
But how can you reset the download count for a specific product sale by a customer?
The immediate option is to use the Admin Functions to generate and email them a new link.
Alternatively, you can setup a “self service” system, that is similar to how we allow you to download fresh links:
The self service option would defeat the purpose of limiting the download count.
Hackers (or thieves) would simply hit the limit, reset the links and continue downloading.
Likewise having to manually generate an e-mail with new links is not very good as all of the formatting and extra data carried with the original e-mail would have to be re-created each time.
What is really needed is to be able to do this from the manage customers menu.
If we could select a customer, then a product from the list of what they had purchased, then either resend the original e-mail with new links, or better yet have a new e-mail with a message telling them the download count had been reset and that these were the new links, that would be perfect (and more of a real world solution IMHO).
Since you already have all the data at hand when we are looking at a selected order for a selected customer it would seem that the ability to reset the counter, call the link generator and e-mail a new message with a different template would not be a monumental task.
I think this would be a significant enhancement to a great product!
I am not sure what you mean by “thieves would simply hit the limit”. The download link is ONLY sent to the email of the registered user. How are you going to access the download link if you don’t have access to the email?
Typically the download links are posted on a hacker board. So when someone replies that the links don’t work anymore if there is a way the hacker with the original address could refresh his/her own links they could do that and simply repost the new links.
If they have to come back to us and ask for a resend of the e-mail, then we get a chance to notice suspicious behavior (like too many downloads in too short of a reasonable time) and question them about it (or not send the new links).
That is why we would opt to use a more sophisticated admin feature where we could select an order and resend the links for it.
Also I noticed that the shortcode that resends the new links sends them for all products.
In our case we will have customers that buy different versions (upgrades) to our products for years at a time (we have some that are 10+ years now). So an e-mail that resends 10 year old links mixed in with the latest ones is really confusing to the customer.
You’re going to drive yourself bonkers trying to out-think every possible piracy scenario. Since you seem to be a software developer; perhaps our free Software License Manager (SLM) product might appeal to you:
https://www.tipsandtricks-hq.com/software-license-manager-plugin-for-wordpress
Best of all, eStore already comes with SLM integration.
I’ve been a software developer 35+ years. The crazy ship has already sailed from the port<g>.
The license manager is interesting, but I don’t think it would work for us.
Our SetupBuilder installers are protected and require a unique (per customer) serial number to install. These are generated by the program and currently we import the valid numbers into a desktop application. Then when we issue a new license we enter the data and the program mails out the download links, the installer password and the customer SN for that product.
After giving this a lot more thought, one concern that we have is that having a fully automated system where the user pays with PayPal, and we send both the links and SN automatically is that the PayPal checkout does not do much in the way of validation.
When we get an order, we look to see if it is a “free” e-mail account (such as Yahoo). Then we look at the address and phone number (or lack of them). We look at the name of the buyer as well as check out the domain website if it is not a free e-mail address.
You would be surprised at how often orders come to us that are from a stolen credit card or a hijacked PayPal account.
Since our products are ultimately source products (meaning that once they are installed they COULD be copied and redistributed), we have to take extra precautions.
Otherwise (and we HAVE had this happen) a hacker “buys” one of our products, then puts the installer, the password and a valid registration code on a pirate site. This can literally cost us tens of thousands of dollars a year for even one hijacked product!
Since we never use a public “download” URL posted on our website, I am starting to think that what may be our best course of action is a “hybrid” system.
We could use WP eStore to deliver the download URL for the file to the buyer as soon as the order is placed.
Then we would still validate the order offline and send the e-mail with the registration data from the desktop app. Our customers are used to the slight delay, so that would not be a problem for them.
Then the WP eStore shortcode could be used so they could retrieve their download links if they lose them.
Two other questions:
1) What would be the best way to setup a “my account” page where we could embed the shortcode to retrieve the links? We do have your membership plugin, but don’t want to over complicate things.
2) How does that shortcode work with regards to expired links? IOW, if we had a link set to expire after 10 downloads and the customer goes to their account page and requests new links be sent – they will just get a new link for the expired product and not the old ones too. I think that is how it works, but just want to be sure.
Thanks!
1) What would be the best way to setup a “my account” page where we could embed the shortcode to retrieve the links? We do have your membership plugin, but don’t want to over complicate things.
You can use this addon, that displays a form, similar to the automated update request form that we use:
https://www.tipsandtricks-hq.com/ecommerce/wp-estore-addon-self-re-download-digital-products-2907
2) How does that shortcode work with regards to expired links? IOW, if we had a link set to expire after 10 downloads and the customer goes to their account page and requests new links be sent – they will just get a new link for the expired product and not the old ones too. I think that is how it works, but just want to be sure.
Expired links are like milk… once they expire, the only thing that can be done; is issue “fresh” links; that have their own set of “expiration” criteria.
Thanks – I’ll look into this.
We don’t want to do anything to impede possible sales (such as requiring them to create a customer account to buy – some people have issues with sites like that), but I think we could use this plugin in conjunction with the membership plugin to get what we want.
We would let them know that the only way they can get new links is to have an account (on one of the public pages) and then have the page that this plugin works with be one of the pages that is only visible after they have created an account and logged in.
We would let them know that the only way they can get new links is to have an account (on one of the public pages) and then have the page that this plugin works with be one of the pages that is only visible after they have created an account and logged in.
That sounds like a good idea. A “good place” to do your customer vetting, is when they apply for an account. You could use manual account approval for this.
Here is how to setup manual account approval:
https://support.tipsandtricks-hq.com/forums/topic/setting-up-manual-membership-approval-process
- You must be logged in to reply to this topic.