WordPress.org

Ready to get started?Download WordPress

Forums

DukaPress
[resolved] Digital Downloads Security (5 posts)

  1. mssummer
    Member
    Posted 4 years ago #

    Hello. Finally an eCommerce plugin with AlertPay as a payment gateway! You don't know how long I've been waiting for this!!!

    However, my question is the security of digital downloads. They are kept in this folder, /dpsc_download_files/. Does the buyer get to see where the file gets downloaded after purchasing it? How can I make that folder secure so people don't steal my digital products?

    http://wordpress.org/extend/plugins/dukapress/

  2. moshthepitt
    Member
    Plugin Author

    Posted 4 years ago #

    Hi,

    You can secure the digital files by removing FTP access on the folders dpsc_download_files and dpsc_temp_download_files.

    Also you can set proper file permissions on the dpsc_download_files folder, so that its only available to web-server for processing.

  3. mssummer
    Member
    Posted 4 years ago #

    Hehe do you know how to do this? I've tried googling this but it's not clear to me. Thanks. :)

  4. moepstar
    Member
    Posted 3 years ago #

    Also you can set proper file permissions on the dpsc_download_files folder, so that its only available to web-server for processing.

    I'm not really sure on how you're going to achieve that.

    By definition, to be able to display the picture on the website, the webserver already _has_ to be able to access the file.

    Maybe you mean to disallow listing of the directory? But that is a moot point too as one would be able to crawl all posts/pages/whatever and download the pictures from there...

  5. Parshwa Nemi Jain
    Member
    Posted 3 years ago #

    Hi mssummer,

    The digital files are stored in "/wp-content/uploads/dpsc_download_files/"

    The link is generated by creating a temporary duplicate file in "/wp-content/uploads/dpsc_temp_download_files/".

    So all you have to do is disable directory listing for these directory and you can password protect the "/wp-content/uploads/dpsc_download_files/" for extra precaution.

    You find the steps here:
    http://www.techiecorner.com/106/how-to-disable-directory-browsing-using-htaccess-apache-web-server/

    http://www.openg.info/entry/making-var-www-codes-accessible-internet-apache

    http://www.thesitewizard.com/apache/password-protect-directory.shtml

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags