I am using Wordpress and Easy Digital Download plugin to sell digital files.
I have the following how-to questions:
How to avoid a user to see or to use direct download link?
How to create a download link that has an expiration like session?
How to secure a wp-contents/uploads folder?
You might be interested in this:
deny direct access to a folder and file by htaccess
simply put a .htaccess file with the content "deny from all" in the folder.
Then only scripts from your webspace should be able to read files from there.
This should be a first step. You would need a php-file serving the data instead of accessing those files directly.
Eg like this: http://www.kavoir.com/2009/05/php-hide-the-real-file-url-and-provide-download-via-a-php-script.html
(as I am not aware of wordpress plugins, maybe just google for them, this explains how to write those in php - if you cant do that youre pretty much stuck to wordpress plugins)
Nah, Nah, Nah... It's easy man update your plugin, and check your settings...
Step 2. You will see in you plugin settings, that it has 24 hours expiration date download link in forwarded email
"WP Secure Links" is WordPress plugin at codecanyon that lets you create a secure link to downloadable files.
http://codecanyon.net/item/wp-secure-links/4418678
http://sixthlife.net/product/wp-secure-links/
for securing the uploads folder needs some good .htaccess work
check the comments section of this, its explained
Still relevant in 2020 so I have written a small plugin that enables secure and temporary downloads in Wordpress:
WP DISPATCHER
It is free and simple. Check it out :)
Related
I am creating a website using Joomla 3 CMS. I have a requirement from my client that i need to change the existing page url extension from .html to .htm. As this website is redesign of a existing website the old links have .htm extension.
Open ../libraries/cms/router/site.php
Go to line number 144
And change
if ($format = $uri->getVar('format', 'html'))
to
if ($format = $uri->getVar('format', 'htm'))
I hope that helps
If you don't want to edit core files, and that is certainly not advised for sake of future upgrades. Your best solution is using a custom component for managing Joomla's SEF URLs, for example: sh404SEF (Paid) or JoomSEF (Free).
Check out http://extensions.joomla.org/category/site-management/sef for others.
Never ever edit Joomla Core files, otherwise when you upgrade Joomla, all your changes will be gone.
As #Alexxandar said; use SEO/SEF components for your needs. I recommend to use MijoSEF (Free or Paid)
Go to global configuration and remove the l from the suffix.
THis is a Joomla configuration question and a standard joomla configuration (not programming) option.
Now the one thing you will have to worry about is that if there are any old links to the htm pages. FOr this you will probably want to use the built in redirect component. Turn on the redirect plugin and then if you have a small number of pages you can just set up the redirection by hand. If you have more pages you may want to write the sql to create a bunch of redirects. Or you might want to make your own plugin to permanently redirect the old to the new.
We are running magento on our site www.xsmoke.com. The site is international, so we are using "/country code" - e.g.www.xsmoke.com/de/ etc.
Now we would like to install wordpress in one of the languages only and we want the URL to be "xsmoke.com/de/blog".
But i can't create a folder on that location for the wordpress files because of magento.. Does anyone have an idea for a workaround?
Thanks.
I'm not sure how you've set things up but it would be possible to do this by using the technique involving directories and symlinks for multiple websites (rather than have Magento include the store codes in the url). See the below answer on how to do that;
https://magento.stackexchange.com/questions/13171/multiple-country-specific-stores-on-the-same-domain-show-country-selection-firs#answer-13173
And you'd then just install Wordpress in the /de/blog directory. Otherwise you might be better asking another question tagged with .htaccess and ask for a way to do a rewrite that would handle it in the context of Magento's existing rewrites.
My joomla site is hacked by someone.The hacker change the content of my files and replace their content. I find it and deleted but again and again he is doing this.I changed my ftp and cpanel details.But no use.How to prevent this.Please help me any one
Thanks In Advance
For the moment, at least update to 1.5.26 and after that also install this patch.
Remove any unneeded extensions and also try to make sure that the rest of your extensions are up-to-date as much as possible.
You can also strengthen up your site's security with advanced .htaccess rules and security extensions like admin tools by Akeeba.
Read also:
Joomla Security Checklist
https://joomla.stackexchange.com/questions/2305/what-to-do-if-my-joomla-website-got-hacked
Also, this Google Search Results Page will present you with links to useful and important information.
I am trying to figure out why the tinyMCE WYSIWYG editor in the CMS module of Magento will not upload images. I can create/delete folders but any file will simply not get uploaded, and there seems to be no message as to why the file is not successfully written on the server.
Anyone may have an idea why?
** Update **
I'm using Magento 1.6.2. I have tried to track down the problem and it seems that the controller never gets executed. I have added a line to log the arguments in the uploadAction() action (in Mage_Adminhtml_Cms_Wysiwyg_ImagesController) and nothing gets logged.
This is project inherited from someone else, and was modified to some extend, but nothing seems to point out that this part of Magento would have been touched in anyway by the modifications.
** EDIT**
The project associated with this question has been dropped and I no longer can provide an answer to this question. If anyone can confirm a working answer (as this problem was apparantly common with Magento), I will gladly mark that answer as "accepted".
Otherwise, I will flag this question for removal for the aformentioned reasons.
Thank you.
Other than solutions provided here, it may occur when you use a CDN (or a different domain) for your javascript and media files in admin panel. If you use CDN, use it for your website(s) scope and use your own domain for default scope. It will make your website(s) media and javascript files to be loaded from CDN, and backend's media and javascript files to be loaded from your own domain. This will solve your problem.
There are some known issues with flash image uploader on Magento. Unfortunately when it falls, it falls silently. Here are some cases when smth can break it:
if you try to use it with secured connection using open ssl certificate
if you're using it on server with apache authentication
on some Magento versions with prototype 1.7
I think the latter is your best bet. Maybe you should try to apply the patch from here: http://www.magentocommerce.com/boards/viewthread/4348/P45/#t327010
In my case it was a cross domain problem, and one quite hard to find if you ask me...
What was puzzling me was that the uploader for product images was working like a charm but the one in the CMS section was failing completely silently. We are serving the skin folder from an Amazon S3 bucket, and the flash uploader lives under that folder.
Interestingly enough, our version of Magento (1.7.0.2) is using two different methods to calculate the path to the SWF file, depending whether you are under CMS or Product update.
The CMS file (app/design/adminhtml/default/default/template/cms/browser/content/uploader.phtml) is using the following method to embed the Flash Uploader:
<?php echo $this->getSkinUrl('media/uploader.swf') ?>
While the Product image uploader is using:
<?php echo $this->getUploaderUrl('media/uploader.swf') ?>
In our case, the first one resolves to the AWS S3 url, obviously in a separate domain, while the second one will still reference the local domain's url.
So yeah, the quick, dirty fix would be to replace getSkinUrl for getUploaderUrl in app/design/adminhtml/default/default/template/cms/browser/content/uploader.phtml. Alternatively you can extend the core to load a different template in which you would have replaced that method.
I hope this helps somebody... I wish I had found something like this five days ago when I first stumbled upon the issue :-)
Are you using flash uploader with https? If so, is your secure address in differente domain (usually used in shareds ssl)?
I got some trouble with this. I solved by installing a flash uploader disabler plugin.
You can download the plugin with this downloader key:
http://connect20.magentocommerce.com/community/Dull_Uploader
I hope it helps.
This is my first post to this Forum, please forgive me if this has been answered elsewhere--I did search and was unable to find an answer to my particular problem, so any help would be greatly appreciated.
I am working on a WP site for a client who wants to upload images to new posts (who doesn't hey?). In setting up the site I have done the following:
1) Enabled File Upload by CHMOD default dir to 777.
2) Changed max file size.
3) Changed allowed filetypes to include necessary file types.
When I try to upload anything I get the following error:
“Bobst Expertfold 80 110 (Dec 2010).jpg” has failed to upload due to an error
The uploaded file could not be moved to /var/www/vhosts/glossopcartons.com/httpdocs/wp-content/uploads/2010/12.
The above error mentions 'glossopcartons.com', this WP site is actually sat on glossopcartons.co.uk. It's obvious that there is some kind of virtual host configuration going on and the image is trying to be uploaded to a folder on a different domain (glossopcartons.com instead of glossopcartons.co.uk).
I don't manage the hosting, I have just been assigned with the build. However, I have access to the plesk cpanel but I dont know what I need to do?
Does anyone know what is causing this problem? The site has actually been made live and this issue has been spotted after the launch(everything worked fine on the test server), and I am scratching my head trying to figure it out.
Is there something I can put in my wp-config.php or .htaccess file to tell WP to upload to a different location.
Any help would be greatly appreciated.
Dan
First thing is 777 permisions are too loose and will get you hacked; they should be no more than 755. Hardening WordPress « WordPress Codex
For the difference in URLs: that sounds like a DNS or virtual host config, but try adding the full URL path in Settings>>Media Settings. Might not work.
Why are there sites at both domains? Why not domain forward glossopcartons.com to glossopcartons.co.uk?
Make sure PHP lets you upload files larger than what you are trying to upload.
Experienced the same problem on several old sites. This problem occurs sporadically and is not commonly occuring on other websites on the same server
Try going to your "Media Settings" page... do you see a "Store uploads in this folder" option with a long path to your uploads folder? If so... this is your problem... WordPress 3.5+ does not seem to require this long path, but more of a site relative path (which is great!)
Change your "Store uploads in this folder" to "wp-content/uploads"... when you "save settings" you should see that field disapear entirely, never to bother us again ;-)
This occured for me when my hosting provider changed the folder structure on the server making this long URL incorrect. Therefore WordPress could not find the "uploads" directory at all.
Hope that helps...
Here's some things you might want to check in case your still having problems...
Update to WordPress 3.5 +
Update all plugins
Check file permissions 755 on the uploads dir/
Check PHP version