Protecting URL Paths

  • kiannachauntis

    (@kiannarexia)


    8 years, 9 months ago

    Hey all, so I have seen a handful of topics that are asking for something similar, but none of it really seems to apply to my situation.

    I have a musician’s website built on WordPress. They want the ability to have users play their songs via an audio player (currently using WordPress’ default player) but they do not want them to be able to access the URL and steal the song.

    I realize that putting anything on the internet risks chances of it being stolen, but I would at least like to make it as hard as possible. Is there a way to scramble or encrypt these paths? Or have users get redirected elsewhere if they try to access anything in the media directory?

    Also note- I found a couple of solutions but they seem to only apply to restricting access to users who are not logged in to the site. From what I’ve read, these solutions end up completely disabling the users ability to listen to the file on the front end anyways. Plus, this is a public site with no membership levels or anything crazy like that.

    I’m really hoping this isn’t impossible! My back up solution was just to recommend to the artist to only upload clips, but I think they really want to have users be able to listen to at least a handful of full-length songs without worry of them being downloaded for free, as they are for sale on iTunes.

    Any help is greatly appreciated- thanks fam!

Viewing 3 replies - 1 through 3 (of 3 total)
  • catacaustic

    (@catacaustic)

    8 years, 9 months ago

    The “best” way to do it is to save the media files in a folder that’s no publicly accessible. As an example, in a cPanel hosting account the website is stored in the public_html folder, so if you create another folder next to that no one will be able to directly access anything in it. Like this…

    / (hosting account root folder)
    /public_html/
        * Website goes in here*
    /media_files/
        * Media files go in here*

    From there you’ll need to set up a PHP script that can check thata request has the permission to get the media file. There’s many different ways of doing that from cookies to nonce’s, to session variables, etc. If the request is allowed to retrieve the file then the PH script will basically pass-through the file to the user as if it was just the standard file. If the user isn’t allowed, then the script blocks them.

    Even though this is about the most secure way to do it, it still will never be 100% secure as once th efile is downloaded by the user they’ll have it in their cache and still be able to access it anyway.

    Thread Starter kiannachauntis

    (@kiannarexia)

    8 years, 9 months ago

    Yeah that’s what I figured :/ There isn’t a way to re-route media files uploaded via WordPress to be placed in a directory outside of the public_html folder is there? While I totally don’t mind just uploading the files via FTP myself, I’m also thinking about future clients and making things as easy as possible for them. Not all of them want to bother with FTP and all that. Right now, I have them uploading the audio via a custom post type, then I just have everything styled out in the theme they’re using so they don’t have to look at any code (which is usually my number 1 priority when building out things for most of my clients)

    Also- any links you can share on how to write the PHP script for the permission to the file? I think this particular client might just opt to use samples of the music instead (because who wants to steal those right? :p ) but I’d definitely like to know in case a future client insists on having a full length song posted.

    Thanks so much!

    Thread Starter kiannachauntis

    (@kiannarexia)

    8 years, 9 months ago

    Does anyone have any recommendations on code to achieve this or the resources at least? Anything is appreciated, this is a little over my head unfortunately…

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Protecting URL Paths’ is closed to new replies.