How do I create a secure download page?

[pressingon]

I created my first ebook and I want to make it available for instant downloading. It's online right now, I have my paypal button, and download page, but anyone can access this page without paying.

My question is how do I secure this page so that only those who pay have access to it.

Any help would be very much appreciated.

Thanks in advance.

 

[Jiyoui]

User signed up for quick account

Paypal email account:
email again:
Password:
Password again:​

Set up a system that verifies that a payment has been received from that user's paypal email account. Once verified, the user account get's switched to paid status and thus is able view the download book page.

Now the complicated part would be setting up the codding for this. I don't know the specifics, but the way I think is that, there's always a way.

Important things to keep in mind are:

• Making sure the verify process is fast so you can maintain that instant download feel.
• Make sure the download is only available to the users who are logged on and who's account's status is "paid"
• Keeping track of how many time a "paid" account downloads your book and their ip-address when they access your site.
  
  [*]Yea, they can simply just copy and paste, but you can at least deter the people who are sharing their account​

Obviously with all this set up, you're gonna have to draft a new terms of service and privacy policy.

 

[cherie27]

Despite of the security imposed, people still can download and share the ebooks among the others.

This is another loop hole.

 

[kneepain]

First of all, make sure the page cannot be linked from your website. Subsequently, you might want to use the successful transaction page to point to your secure download page. You can then proceed to create a .hta access function to protect a particular folder.

 

[Teli]

Hi pressingon,
There are multiple ways to protect your product from unauthorized downloads, but usually it would involve some software set up.

I'll offer some tips which may be helpful:
1. Set up a robots.txt file and deny crawling of your download directory and completely block the web archiver (i.e. ia_archiver)
2. Make sure to turn off directory browsing so someone visitng the /download/ folder won't see a list of files in it (this is a biggie!)
3. Use a file name that doesn't contain the words "download" or "thankyou"

Now, that's one way to prevent the link from showing up in the search engines as a result of using the "site:" command. But, if someone should link directly to your download page from another site, then people will still have access to it.

To get around that, there are a couple things you can do:
1. Password protect the directory, then provide the username/password information in the thank you email sent to the customer.

The downside is that people could easily share the username/password and it would be a pain in the butt to change it in the future should pirating become too prevalant.

2. Create a custom back end which provides each user with his own login credentials. This is the better solution because it would easily allow you to deny access to a user who abuses his download privileges, either by sharing your product freely or giving out his username/password.

There are some free solutions out there if you're using PayPal such as IPMn (or you could have something custom coded--I use a custom system that hooks into my WordPress installation), but if you're looking for something a bit more robust, then consider the aMember software which supports PayPal, Clickbank, and a host of other online payment processors and can be integrated into static and dynamic websites. aMember isn't free, but it's a great investment if you plan on growing your online business.

HTH,
~ Teli

 

[djbaxter]

2. Make sure to turn off directory browsing so someone visitng the /download/ folder won't see a list of files in it (this is a biggie!)

This is an excellent security suggestion even if you are not offering downloads.

To do this, add the following line to near the top of your .htaccess file:

Options -Indexes

It's actually good practice to add this line to .htaccess for ALL subfolders and subdomains on your site. If a subfolder doesn't already have an .htaccess file, create one with the following two lines:

Options -Indexes
php_flag register_globals 0

 

[Joseph Ratliff]

There are also commercially available and easy to use scripts like DLGuard which are effective for protecting your download areas...

DLGuard - Download page protector, create expiring download links (not an affiliate link)

 

[Teli]

Great point Joseph! I knew I was forgetting one and I know DLGuard is a less expensive solution than aMember, but will do a great job securing the files. Nice.

 

[Joseph Ratliff]

Great point Joseph! I knew I was forgetting one and I know DLGuard is a less expensive solution than aMember, but will do a great job securing the files. Nice.

Thanks Teli!

Well, the main reason I brought up DLGuard...is because it's designed for the technically challenged (me ) and easy to get started with.

Your solution is actually more secure in my opinion.