WordPress Shortcodes and Amazon S3: Secure Your Content!
by Eric Johnston, Idea Return Technology Director
I’m sure if you provide member-only content, you are aware of the risks of someone taking a link to your paid content and then throwing it all over the internet. All it takes is copying the link and they can redistribute it for free.
The first thing that I want to note is that while its possible to lessen the risk of this, 100% securing your content is nearly impossible. The problem is that while you may not allow them to share the link, if they download your content, chances are they can re-distribute it. You can avoid this by putting passwords on your files (using third party software), but this often just leads to complications for members and bad experiences (such as a paying member not being able to access the file because of a compatibility issue with their software compared to yours). This ends up costing you even more as you try to help troubleshoot the issue.
However, one of the most common ways people like to share content, because of how easy it is, is by sharing the link.
All it takes is finding the link, copying it and sending it to a friend or posting it on Facebook. If you catch it (best case scenario), you can update the link, but this can lead to paying members having difficulties downloading the file (creating a bad experience) and most likely you’ll never know that someone linked it unless you are constantly checking inbound links for your whole domain (and each individual file).
iBELONGmember aims to simplify this for you.
So What Does This Shortcode Do?
First, it creates a link on your WordPress website to your file on Amazon S3 for you. The main perk to using iBELONGmember is that it also automatically adds a layer of protection by making the link that is displayed only available for a set amount of time (15 minutes by default).
Why does your link need this extra layer of protection? Well, imagine that you are providing downloads of your module videos. These are often larger files, so people typically won’t be able to download it and then send it via email to friends and non-paying clients (it takes significantly more effort to share a file outside of just sending a link – especially large files). Instead, they try to copy the link and send it to their friend.
However, the link is only valid for 15 minutes from when the paying member opened the website. Chances are, they’ve also already spent some time on the website, so they won’t even have the full 15 minutes to share the link.
When their friend finally receives the link and is at their computer, ready to download it for free, the link has expired and they are unable to access the file!
This extra complication is a powerful deterrent and can completely remove the desire to share your content (if you’re not tech-savvy, you will most likely assume this means that you are unable to access the file at all).
Now, it is important to note that people who are tech-savvy or who are determined will still be able to get around this protection (such as downloading the file and sending it manually), but this requires a lot more effort than simply copying and pasting the link over to someone else.
By discouraging the sharing of your link through this method, your content is much less likely to be shared, and it will require that someone is constantly re-accessing your content in order to do so. If you had just provided a direct link with no time-expiration, once they shared the link, that link would forever give access to non-paying clients to your content.
So How Do I Protect My Amazon S3 Content?
In order to create the link, we will be using a pair of shortcodes.
[ib_s3_link bucket=“MyAmazonBucket” name="MyFileName.pdf" prefix="MyFolder" expires="30 min”] This is the text that appears as the link [/ib_s3_link]
So let’s breakdown what exactly we need to enter.
Before the text you want displayed to the viewer, you need to insert the following shortcode:
[ib_s3_link bucket=“MyAmazonBucket” name=“MyFileName.pdf"]
You’ll notice that I left a few things out, and I’ll mention why after we look at the bare minimum.
The first thing you’ll notice that we have to change (indicated by being bold) is the MyAmazonBucket. When you use Amazon S3, you will have to create various “buckets” where your files are. Replace this text with the name of the bucket that you created.
The next item you will need to change is MyFileName.pdf. This is the name of your file.
It’s important to note that in this example, our file is in the main bucket. We don’t have it inside of a folder.
If you practice good organization, your file is most likely not just in the main Bucket. You probably have your files organized by folders.
There are two ways of handling this.
- Attach the file like you would a computer directory prior to the file name. In our example, that might be MyFolder/MyFileName.pdf.
- Add after “MyFileName.pdf” the text prefix=“MyFolder”. The prefix=“MyFolder” is telling iBELONGmember and Amazon S3 that the file is inside the prefix (what Amazon calls folders) MyFolder. If you had it within a folder inside of a folder, you would just write it as OuterFolder/InsideFolder.
Sometimes, the 15 minute default isn’t enough time. This could be because you have a lot of large files on a single page, or it might just be your ideal client takes more time to download your content. If this is the case, you can add after “MyFileName.pdf”, expires=“30 min”. This would increase the expiration to 30 minutes. You could also say things like 2 hour or 1 day.
Alternatively you can leave this blank expires=”” or enter expires=“none“ and WordPress will just create a nice clean link for you that doesn’t expire.
Remember that getting a new link for a paying client is as easy as refreshing the page. If you set the timer to an extremely long duration, it also makes your content easier to share because the link won’t expire as quickly.
Now that you have the first shortcode in place, you can insert the text or content (such as an image) that will act as the link. Make sure to paste the ending shortcode after that content:
Everything that appears after the first shortcode and before the last shortcode will now become a secure link to your Amazon S3 file.
When Should I Use This?
In general, you can use this anytime you want to link to an Amazon S3 file from your WordPress website. However, there are times when you don’t really want to create a secure link and might be better off just providing the direct link to your Amazon S3 file (with the expectation that people can share it).
We are happy to look at your specific needs and help determine what method is best for you! If you’re interested, consider scheduling some time through our Strategic Consulting Hourly Block Packages to go over your content distribution in a one-on-one setting with Tonya.
Already know what you want secure, but want to make sure that you did it right (or have someone get everything in place for you)? We do offer done-for-you services and can help with getting your content available to your clients. Don’t worry about if you are doing things right and let us take care of the grunt work. Check out our Tech Implementation Hourly Block Packages for more information and to have us help you get this implemented.