1. saki
  2. Pres-sale questions about WP File Download
  3. Friday, 19 July 2019
  4.  Subscribe via email
Hi,
I need some information before I buy this beautiful plugin. So, we are already using wp-filebase but recently we found that the download link is not secured enough so the other website hotlinked and their visitor downloading files from our server without visiting our site using hotlinks. We have a freeware software and ebook downloading website with more than 4000 files.
My questions are:
1. Is it possible to generate a dynamic download link(inside download button) with time expiration? So I can set the time say for 24 hours and after 24 hours the link would be dead and auto-generate new unique download link when any visitor click to download.

2. All the files are public in our website so the download button would be visible publicly like filehippo.com, the only possible way to secured the download link to make it like dynamic hashtag encoded link using base64 or other encoders like sha256 and setting up expiration time as stated in the first question. My question here is, how secured the download link inside the button? or you already have these features to protect download hotlink in public view?

Thanks in advance and looking forward to hearing from you :)

Have a nice day!
Saki
Responses (8)
Accepted Answer Pending Moderation
Hi,

Thanks for contacting us here about this extension.
1. Is it possible to generate a dynamic download link(inside download button) with time expiration? So I can set the time say for 24 hours and after 24 hours the link would be dead and auto-generate new unique download link when any visitor click to download.

Our plugin does not include the option to set the valid time for URL.
2. All the files are public in our website so the download button would be visible publicly like filehippo.com, the only possible way to secured the download link to make it like dynamic hashtag encoded link using base64 or other encoders like sha256 and setting up expiration time as stated in the first question. My question here is, how secured the download link inside the button? or you already have these features to protect download hotlink in public view?

I'm not sure about the technique in this feature but it could be said that users can only download the file if they have permission only.
That means users can not download the file if they know the URL and do not have the permission. It's applied for registered users.

By the way, the "Password protection" feature has been planned to release in version 5.1 to secure the files and categories in public view.

Hope it helps!
Cheers,
Accepted Answer Pending Moderation
Hi,

It's not directly a feature of our plugin but it's pretty easy to add this functionality:
Just add this few lines in your functions.php template file and you have your hotlinking feature:


add_action('wpfd_file_download', function(){
if (empty($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], "https://yourwebsiteyurl.com/") !==0){
die("hotlinking prohibited");
}
});


Best regards
Accepted Answer Pending Moderation
Thank you for a quick reply.
Unfortunately, the code works only inside my website, not for attacker website.

Is it possible to add these features what I described? I would pay an extra fee for this feature. You can take a look from these two links:
1. https://codecanyon.net/item/wp-one-time-file-download-unique-link-generator-wordpress-plugin/21871469?
2. https://www.codexworld.com/generate-one-time-download-link-with-expiration-php/

The first one is the same plugin I am looking for but it can not do for batch files and the second one is a source code also same problems, can do for one file manually changing path and file name.
Thank you again,
Saki
Accepted Answer Pending Moderation
Unfortunately, the code works only inside my website, not for attacker website.

What do you mean by that?

If another website embed your file link in their website they will not be able to download the file directly (they'all have the "hotlinking prohibited" message).
This code ensure that the visitor have requested the file download from one of your website page.
Accepted Answer Pending Moderation
Of course you'll have to replace "https://www.filehipo.com/" by your website base url.
I have updated my first reply to be more understandable on this point.
Accepted Answer Pending Moderation
I have implemented the code like this:
add_action('wpfd_file_download', function(){
if (empty($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], "https://mywebsite.com/";) !==0){
die("hotlinking prohibited";);
}
});

then the download button with the unique static link becomes dead inside my website. but outside of the website hotlink works. suppose the hotlink is: https://website.com/wpfb_dl=121 (generated by wp filebase plugin). I think this is a plugin bug from filebase so we decided to buy a new one or hire a developer to fix our problems.
Accepted Answer Pending Moderation
I have implemented the code like this:

add_action('wpfd_file_download', function(){
if (empty($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], "https://mywebsite.com/") !==0){
die("hotlinking prohibited");
}
});


then the download button with the unique static link becomes dead inside my website. but outside of the website hotlink works. suppose the hotlink is: https://website.com/wpfb_dl=121 (generated by wp filebase plugin). I think this is a plugin bug from filebase so we decided to buy a new one or hire a developer to fix our problems.
Accepted Answer Pending Moderation
This hook is only available in WP File Download plugin, I don't know how it works for other plugins.
That's why it'll fail with WP File Base
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!