- This topic has 2 replies, 3 voices, and was last updated 7 years, 2 months ago by
.
-
Posts
-
Dear Support,
I created in my website a page where I want to sell my ebooks. All work perfectly… except if I enter the direct link of the media library of my ebook… The ebook will appear and I will be able to download the ebook without making the buying process.
I am afraid If I block the upload folder, the whole media library will not be index.. therefore I just need to block the links of the pdfs.
If someone knows the worpress media settings, any body will be able to enter where the ebooks are stored in the media library of wordpress and download without buying it…
how can I prevent this?
thanks
If someone knows the worpress media settings, any body will be able to enter where the ebooks are stored in the media library of wordpress and download without buying it…
You should try creating a directory for your downloadable files, that is OUTSIDE the directory structure of your website. For instance, creating a “4salestuff” folder at the root level of your server. You’d then use FTP (in BINARY mode) to place your files into this directory.
eStore will then take care of encrypting the download links from this directory that are provided to customers.
As for securing the actual files in the directory, consider the following…
Create an empty “index.html” file in the directory that contains your downloads. For extra sarcasm, you might put a message in it like:
Find what you’re looking for?
Or better yet, a popup ad…
Or you can “play nice” and just redirect them back to your main page:
<meta HTTP-EQUIV=”REFRESH” content=”0; url=http://www.yourdomain.com”>
Also, inside the downloads directory, create an “.htaccess” file with one line:
Options -Indexes
In the server’s document root directory, create a “robots.txt” file. It should contain the following lines…
User-agent: *
Disallow: /wp-admin/
Disallow: /wp-content/
Disallow: /wp-includes/
Disallow: /wp-content/themes/
Disallow: /wp-plugins/
Disallow: /4salestuff/
Basically, create a “Disallow” line for each directory you’d like robots and spiders to ignore. Note: the “robots.txt” is an optional “please don’t do that” type of thing. Search engines are not required to honor it.
To enforce mandatory exclusion of directories and files, you can add/edit the “.htaccess” file in the server’s root directory, but that gets into the “running with scissors” area. You can do some serious damage, if you aren’t careful…
The following post should be helpful for you:
https://support.tipsandtricks-hq.com/forums/topic/download-directory-protection
- You must be logged in to reply to this topic.