Making a separate downloads folder – foolish? risky?

  • chezsheles

    (@chezsheles)


    10 years ago

    I am working on a new site where the owner asked me to make a separate folder to ftp documents to. He specifically said something I had not heard before: using the Media Manager in WP could ‘overload the system’ if there are lots of concentrated downloads.

    What he would like to do is load pdfs along with images and mp3s with links throughout his site for people to download. Right now they will be for free or in exchange for giving an email address. In the future (way down the road) he would like to make content available for a fee.

    I was planning on installing easy digital downloads for the eventual fee collections, but hadn’t planned on creating a separate folder for the site owner to upload his files to.

    I have done a number of searches for advice on this topic but it seems as if no one is doing this. So I don’t know where he got his info.

    So here are my questions:

    1. Is creating a folder (called “bob’s downloads”) a good idea?
    2. If yes, then where should I put it? On the root? Anywhere as long as I can remember where it’s located and can point to it?
    3. If yes, are there additional security concerns? If so, what would they be?
    4. If I use Media Manager to upload a pdf, and just create a link to it in the body of a page, are there any security risks with people seeing that the file is located at ‘http://bigshotbob.com/wp-content/uploads/2014/04/bobRecipes.pdf’ ?

    Thanks in advance!

Viewing 3 replies - 1 through 3 (of 3 total)
  • catacaustic

    (@catacaustic)

    10 years ago

    Is creating a folder (called “bob’s downloads”) a good idea?

    In your situation it most likely is. You won’t get the same administration functions as you will as adding files through the media manager, but you can manage files through FTP.

    If yes, then where should I put it? On the root? Anywhere as long as I can remember where it’s located and can point to it?

    That’s up to you. If there’s a chance that the files will need to be private or hidden in the future I’d suggest placing it under the publicly viewable folder so that it’s not accessible, and then use a PP script to serve the files out. That way you can modify the script in the future to allow blocking for non-authorised users.

    If yes, are there additional security concerns? If so, what would they be?

    There’s no security concerns connected to this that aren’t present in using the standard /wp-content/uploads/ folder.

    If I use Media Manager to upload a pdf, and just create a link to it in the body of a page, are there any security risks with people seeing that the file is located at ‘http://bigshotbob.com/wp-content/uploads/2014/04/bobRecipes.pdf’ ?

    See above. 🙂

    chriscct7

    (@chriscct7)

    10 years ago

    Hi there,
    I’m one of the core developers for Easy Digital Downloads. We’ve never heard of “overloading the media library” ever before (and with hundreds of thousands of people using our plugin for serving tens of millions of images, if it was a thing, I would have presumed we would have run into it by now).

    There is however a security concern by moving it out of wp-content if you’re using EDD. EDD uploads all of our images to wp-content/uploads/edd, which has a special script that protects all the files, so customers cannot access them without paying, or discern their actual location. By moving uploads outside this folder, you will lose this protection.

    If you link directly to the file, realize that location isn’t protected. From a security standpoint, theres nothing wrong with that, but if you’re charging customers for access, then people can just download it without paying. That’s why EDD uses our special subfolder of the wp-content/uploads/ folder.

    If you have any questions about EDD, feel free to open a ticket on our support forum at easydigitaldownloads.com/support/ and we’ll be more then happy to answer them :-).

    -Chris

    Thread Starter chezsheles

    (@chezsheles)

    10 years ago

    Hi chris and catacaustic: ok so balancing out what you both say, it seems I have an embarrassment of riches when it comes to choices, like everything else wordpress related. Thanks very much for your quick, clear, and very helpful replies.

    Seems like I should maybe just start with EDD for distribution and not charge anyone … until later (roll the thunder).

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Making a separate downloads folder – foolish? risky?’ is closed to new replies.