Digital Downloads not secured – allowing link sharing

  • Phil

    (@owendevelopment)


    8 years, 1 month ago

    Hi,

    I’m just about to set up some products which are digital download and virtual.

    I’m using Amazon S3 storage and it’s all set up and working – S3 has server-side encryption so trying the S3 link (if not requested from the site domain) blocks downloads – which is great.

    However I’ve noticed that if you copy the link location from an order, or the ‘My Account’ downloads section in Woo, e.g,:

    https://www.domain.com/?download_file=2972&order=wc_order_123456789&[email protected]&key=12345678901bcdefghijkl

    …I can paste that into any browser, from any device, and the download link is able to be used = which isn’t good.

    I can set it so users must be logged in to download, but there are many guest orders, so would like the link to be more protected for everyone. The setting is already set to Force Downloads in admin. I see a key on the end of the URL – does this serve any purpose?

    Surely there is a way to hide the link from Woo-side?

Viewing 1 replies (of 1 total)

  • @owendevelopment this type of functionality is not built into WooCommerce. You can put in a feature request at woo’s github project.

    Otherwise, you can look for 3rd party plugins which can limit the number of times a given download link can be used.

Viewing 1 replies (of 1 total)
  • The topic ‘Digital Downloads not secured – allowing link sharing’ is closed to new replies.