Suggestions for prevent download outside WordPress

Question

Suggestions for prevent download outside WordPress

Closed this issue 4 years ago · 2 comments

Hi,

First, thanks a lot for this plugins and scripts, its amazing!

I have many problems with forced downloads outside the WordPress, direct on browser just using download url.

Now, i added license verification in my API. But, before verify my license i added simple verification for block downloads outside the WordPress in function checkAuthorization($request). like this:

protected function checkAuthorization($request) {

	    $wp_version = $request->wpVersion;

	    if( $request->action == 'download' and empty($wp_version) ) {

	            $this->exitWithError('Sorry, you cannot download the plugin.' , 403);
	    }
	}

Thanks!

Answer 1 · 2020-08-11T12:51:42.000Z

That looks like it could be useful to some developers.

However, there are situations where it's OK to let users download stuff outside of WordPress. For example, I have a paid plugin where I use wp-update-server both to provide updates and to generate download links for customers that purchase the plugin for the first time. I don't think it would make sense to automatically prevent that by adding this code the the base version of the update server.

Of course, developers who need that option can use your suggestion.

Answer 2 · 2020-08-11T13:43:23.000Z

Hi @YahnisElsts ,

Yes, i really think its not for all users and situations and you cannot use in base version. Many users can generate download external WordPress.

But, I share this suggestion to help other users, if necessary.

Thanks for answering!