@ibloom
Thank you, this is actually the thing which I would like to recommend you to do.
"Prevent Direct Access" Plugin
-
Has anyone had experience of using this plugin with WPFTS? We thought it might be the answer to preventing non-members of our Society from seeing protected pdf files - i.e. the ones that our members pay subscriptions in order to see.
We installed the free version as a trial but, in addition to a number of other shortcomings, we discovered that non-members could find references/excerpts to the protected files in the search results using WPFTS search (which is good), but that clicking on the search result opened the protected file (which is bad). There is an option to buy a "Gold" upgrade to the plugin, but I'd like some confidence it will work before paying, and a query to the developer hasn't yet been responded to.
I did exchange some emails on protecting files with Epsilon a couple of months ago, but I thought this plugin might offer a straightforward way to protect our pdfs. -
Hi @Nick
It's not possible to protect files from "direct" access using only PHP. I'll explain it.
How does it work? The webserver which you're using (either Apache, LightHTTP, or Nginx) always provides access to files that are stored on the disk. The PHP scripts (and any possible plugins for WP, since they are all written in PHP) can not prevent this.
But there are 2 ways to overcome this situation.
-
The developer can modify the server configuration to prevent direct access to PDF files.
-
You can remove direct links from public places (from webpages) so users will not know them and thus can not access them. And instead show a "protected" version of links where user access level is checked.
-
-
Usually, I propose both solutions for clients, as it guarantees that nobody can access files being a non-authorized user for this.
I going to explain in details how to implement that somewhere on the forum and put direct links here.
-
I know that some users will want to make accessing media files impossible, which I believe involves a plugin like "Prevent Direct Access".
On our website, our pdfs are copies of our magazines, and we would be content with just making it difficult for non-members to access them.
Is it possible to use the internal "attachment" page of the file to do this?
We could make this page members only, but could we also set up an automatic redirection command from this page to the URL of the document? Hence, a non-members would not see this page but would be taken to the "Join Us" (instead of 404) page. Members would not see it either, because they would be automatically redirected to the document.
Might this work? -
Hi @Nick
Yes, using a protected attachment template is way #2 which I explained above.
It may be hard to achieve this type of protection by plugins because:- This is very dependable from the plugin which you're using to manage user rights.
- Normally it requires to change the theme template files, which 3rd party plugins often avoid to do.
Please tell me which plugin you're using to manage user rights (or no plugin for this, in that case we could use logged-in/non-logged-in access case). And I will provide you the ready code to test.
Also, please don't forget to switch these two options OFF to use attachment pages instead of direct links.
-
Good morning, we are using the Members Plugin (by Memberpress) version 3.1.3.
I'm very grateful that you are taking an interest in this topic. One of the, perhaps, unintended consequences of WPFTS is, obviously, that it makes it a lot easier to find documents that were previously difficult to find because they were hiding in full sight amongst, in our case, hundreds of other documents. As I've said before, often it is just inconvenient and might lead to a minor loss of new members, but in other cases it could have very adverse effects on their businesses. I think this is one of the topics that is worth discussion, even though the solution will sometimes lie with a different plugin.
By the way, we did try having the "attachment" page visible for a while, but it displayed an enormous image of the document thumbnail, with a much smaller copy that contained the link below it. The link was, therefore, effectively hidden by the large image. Hence, using it as we have discussed but not being able to see it (at least, not for more than a second or two) would be very good.. Nick -
Hi @Nick
Well, I think your attachment page should be remade anyway. To keep the actual PDF link hidden for guests we need to make an immediate redirection from this page to the PDF file, but in this case, we can not show "some seconds preview" on the page.
What we should do exactly.
I made another article with the sample code and explanations
https://fulltextsearch.org/forum/topic/40/protect-attachment-file-from-downloading-without-pluginsPlease feel free to read and try.
Unfortunately, I can not find the working copy of the Memberpress plugin or their "developers manual" to fix the code for this exact plugin.
-
Thank you so much. We'll try this, and I'll let you know the results.