![]() Loop over these posts and update the '_cred_post_expiration_time' meta field with the new timestamp using update_post_meta. Use WP_Query to get all posts by the desired author. Use some custom field value to generate a timestamp in the future with PHP's date and time functions. To get the value of a Types custom field, you can use get_post_meta, and apply the "wpcf-" prefix to the field slug from wp-admin. To trigger some code when a post is saved, you can use the WordPress hook save_post. The CRED expiration date and time is stored as a Unix timestamp in the field _cred_post_expiration_time in the postmeta table. I can help troubleshoot any code related to the Toolset API, or information stored in Types custom fields. The ability to have different versions of the same file downloaded (think software, where you might want to make versions 1.0 and 1.There's not a simple solution here, and it will require a significant amount of custom code.The ability to see how many times a file has been downloaded, right in the WordPress dashboard.In addition to providing this protection of files that need to be restricted to specific users, it also gives you some additional features: htaccess rules do not apply), and delivers the file to the browser as a download. If so, PHP retrieves the file on the server (because it is accessing the file directly on the hard drive, and not through a URL, the Apache. ![]() It checks to see if the user has the correct permissions to access the file. Links in your posts/pages point to a new path, for example: /download/my_private_file/ that is managed by the Download Monitor plugin.htaccess file (instructions to the Apache web server) do not allow anyone access to the files in it (“ deny from all” is the rule). All files that are uploaded to the site using the Download Monitor custom content type are stored in a separate folder in WordPress (/wp-content/uploads/dlm_uploads/ to be exact).The solution to this problem is to have WordPress act as an intermediary between the request for the file, and the file itself, allowing permissions to be verified in the process.Įnter Download Monitor, a handy plugin that will do exactly that, by doing two things: So calling will get delivered to anyone who asks for it. The web server (Apache in this case) serves up the file without ever getting the PHP engine involved. When your web browser is loading images, PDFs, videos, and other content that isn’t a web page, WordPress does not get involved in the process. In this case, there were lots of PDF documents on the site, that were thought to only be accessible by “members”, since they were linked to from the pages that were in the Member’s Only area.īlocking content from being accessed is done in WordPress through PHP code that checks which user you are, if you have the right permissions, etc. AttachmentsĮven if your page/post is protected, any files you upload to the media library and attach to the post are still accessible if the address is known. Lesson: Make sure all pages that should be hidden from public view are protected. This also meant that the URL to these pages is published in sitemaps, which make it really easy for search engines, like Google, to find the content. If you knew the direct URL to the sub-pages, you could get the content as an anonymous user. I can only assume here, but it looks like the person setting up the pages assumed that since you couldn’t access these pages from anywhere on the site except for the protected page, that all was good. The Member’s Only page was corrected being “blocked” (WP-Members plugin terminology) – requiring a user to be logged in, but after that is where the problems started.Īlthough the Member’s Only page was correctly blocked, the pages deeper down into the site were not. In this particular case, the website’s “Members Only” area was being protected using the WP-Members plugin, although this problem would have happened even if using WordPress’ built-in “protected post” feature. There are several ways of fixing this problem, and I thought I’d share one with you. This makes PublishPress Future a great addition for TaxoPress users. Posts that are no longer valid can be automatically deleted, moved to a new status, or assigned to a new Tag or Category. Last month, I was asked to investigate why content that a website owner thought was protected behind their website’s “Members Only” area was showing up on Google, much to their horror. PublishPress Future is a plugin that manages everything automatically so you can relax and let WordPress do the work.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |