Support Forum for Tips and Tricks HQ Products
Security question: If i upload a zip file here: http://cheapsalesleads.com/downloads/travel.zip for download, wont this file still be indexed by the search engines or found by various users/surfers?
Is there a way to secure the "downloads" folder or encrypt the downloads link/file when i add the product in wp estore admin?
eStore takes care of encrypting the download links that are provided to customers.
As for securing the actual files, consider the following...
Create an empty "index.html" file in the directory that contains your downloads. For extra sarcasm, you might put a message in it like:
Find what you're looking for?
Or better yet, a popup ad...
Or you can "play nice" and just redirect them back to your main page:
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.yourdomain.com">
Also, inside the downloads directory, create an ".htaccess" file with one line:
Options -Indexes
In the server's document root directory, create a "robots.txt" file. It should contain the following lines...
User-agent: *
Disallow: /wp-admin/
Disallow: /wp-content/
Disallow: /wp-includes/
Disallow: /wp-content/themes/
Disallow: /wp-plugins/
Disallow: /downloads/
Basically, create a "Disallow" line for each directory you'd like robots and spiders to ignore. Note: the "robots.txt" is an optional "please don't do that" type of thing. Search engines are not required to honor it.
To enforce mandatory exclusion of directories and files, you can add/edit the ".htaccess" file in the server's root directory, but that gets into the "running with scissors" area. You can do some serious damage, if you aren't careful... 8)
wzp,
If using the Amazon S3 addon feature to deliver secure downloads with expiring links.... do you recommend to also have an index.html file in each bucket and/or folder as mentioned above ?
I was wondering if doing that would add another layer of security along with the buckets being locked down to the public .... not sure if it would be irrelevant with using the S3 feature ?
wzp,
As a follow up then.... having additional folders within your bucket in which your objects are placed into would seem only necessary for organization rather than a traditional approach of 'burying' a file in multiple layers of folders named in an arbitrary way ?
example: bucket name/klepqd/fewOihe/mopWio/woPiejs/your_file.zip
Correct...
A Bucket Full Of Objects -- Amazon S3
http://www.tipsandtricks-hq.com/a-bucket-full-of-objects-amazon-s3-3052
Objects are referenced by their “keys,” which consist of an optional “pseudo folder” (directory) path name, followed by the name of the object. The keys “His-Stuff/test.txt” and “Her-Stuff/test.txt” refer to 2 separate instances of the “test.txt” object. Because the “folder” name part of the keys are unique, so are the object instances. The term “pseudo folder” is used because S3 does not really store objects in folders; the same way that Windows, OS-X or Linux does. The entire object key is considered (by S3) to be the equivalent of a file name.
Great tips.
IMPORTANT to note that Amazon S3 has some limitations with SSL and CNAME / redirections.
You cannot use secured downloads/SSL (https instead http) as well as CNAME redirections:
your_subdomain.your_domain.com/folder/product.zip
INSTEAD OF
your_subdomain.your_domain.com.s3.amzonaws.com/folder/product.zip
In short, you can do
THIS: http://your_subdomain.your_domain.com/folder/product.zip
OR
THAT: https://your_subdomain.your_domain.com.s3.amzonaws.com/folder/product.zip
so
You CANNOT do this: https://your_subdomain.your_domain.com/folder/product.zip
I am weighing the pros and cons...
You must log in to post.
