- This topic has 4 replies, 3 voices, and was last updated 3 years, 2 months ago by
.
-
Posts
-
Hello,
I bought this plugin and I cannot integrate the plugin with Paypal (hosted button). I would like also to understand what risks I will face with the pdf soruces.
1- Fist I need to inform inconsistencies between the documentation, videos and plugin:
The code generated by the plugin in the Direct PayPal Button Integration:
notify_url=http://www.your-domain.com/?pdfs_pp_ipn=process
custom=http://www.your-domain-name.com/wp-content/uploads/my-ebook.pdf
This is the code I have generated in my website. It doesn’t work. The transaction is confirmed by Paylpal by nothing happens.
The code suggested in the video is different
notify_url=http://www.your-domain.com/wp-content/plugins/wp-pdf-stamper/api/ipn_handler.php
custom=http://www.your-domain-name.com/wp-content/uploads/my-ebook.pdf
2- Paypal Integration is not working – I don’t udnerstand why.
I tried both codes and nothing happens, after the paypal payment. The “thank you page” is loaded, however, no stamping is performed and no email is sent.
When checked the “Manage Stamped Files” is empty. I understand it is because the php script was not processed after payment.
3-PDF SECURITY (Sources)
I am confused with your additional recommendations on security.
If I include a “deny from all” htaccess file in the folder, even the manual stamping is not working.
For security reasons I have:
1-activated Ithemes on my website.
2-I have also edited the public_html htaccess after the # END WordPress with the following line
Options -Indexes
3-I would like to stamp protected file (is it possible to use links generated by Prevent Direct Access)
My concerns is how to prevent google search to index the pdf sources and your documentation lacks on security risks and protection.
You mentioned three techniques to protect sources (folder name, empty index and deny from all). However you did not mentioned which will prevent google to index pdfs and to allow direct download.
As I have mentioned, if i put a htaccess file with “deny from all” code in the source folder, even the manual technique is not working.
For me, the protection of pdf sources (books) from direct access via google search is the most critical part of the problem.
I must be sure that this cannot be done. How did you solve that risk?
You’re documentation should include more detailed recommendations on that.
It doesn’t make sense to me to sell ebook that may be found unprotected with a google search.
So address that risk is critical for you to sell mure plugins.
In summary, videos and documentation must be consistent and security issues and recommendations must be detailed an explained with simple words and not only code.
The effect of the proposed solutions should be explained.
Example:
Solution 1 will prevent Problem 1. Etc
Solution 2 will prevent Problem 2. Etc
Your help will be appreciated.
Hello again,
I discovered the sources of my Paypal integration problems.
1- I did not know that it was necessary to activate IPN for my domain in the PayPal console. You should update your documentation on that.
2- Because I was testing the plugin with two new Paypal accounts (one for selling and another for buying), the funds were not immediately transferred causing the plugin to interrupt the stamping (because the cash transfer was not confirmed). I discovered that problem in the plugin logs with the debug mode enabled. The plugin is working as expected now.
However, my security concerns remains. What should I do to protect the folder that contains the pdfs (books) and to
I have uninstalled iThemes and prevent direct access.
So my suggestions are:
1-Include a comment in the documentation that the activation of PayPal IPN is needed (it may be obvious for you but not for your commercial clients, “newbies”, like me).
2-Include in the documentation comments explaining that because the first transactions with a new paypal account may suffered from Paypal controls, reading the log files in debug mode is critical to understand what happens.
3-Include detailed comments on security in order to prevent direct access and google search indexing pdfs.
I would appreciate if someone may explain the procedure to prevent google indexing of the pdf files that are located in the source folder.
Thank you!
I would appreciate if someone may explain the procedure to prevent google indexing of the pdf files that are located in the source folder.
Google only indexes a directory if it is able to “follow” a path to it.
- Placing your source file directory underneath wp-content is “bad,” because wp-content is crawlable.
- Giving your source file directory an unassuming name like “_sfiles” and placing it at the web server’s home (not root) directory level will pretty much prevent Google or any other search engine from crawling it.
The following post should be helpful for you (some of the tips mentioned there can be useful for your particular situation):
https://support.tipsandtricks-hq.com/forums/topic/download-directory-protection
Normally, the IPN feature is enabled by default in a PayPal account so the documentation doesn’t mention that. I will update the documentation to mention that the IPN feature should be checked and enabled.
wzp and admin, thank you very much for your help and advice. I am really satisfied with the plugin and the support.
My source folder is outside wp-content in a dedicated folder, with empty index.html and htaccess (deny from all), no links are directed to the pdfs. The plugin is able to access the folder. So i understand my security configuration is OK. Thanks again!
Best regards
- Placing your source file directory underneath wp-content is “bad,” because wp-content is crawlable.
- You must be logged in to reply to this topic.