How To Secure Content On Amazon S3 With Wordpress

Amazon S3 is a cheap, flexible and powerful way to store files. If you embed movies on your blog, for instance, using S3 makes a lot of sense. But, there is a problem – anybody who knows what they’re doing can STEAL your content and do what they want with it. This isn’t a problem with S3. The problem is in how you interface with S3. Amazon S3 Basics No doubt, I have a lot of readers who don’t use S3 or have no idea what it is all about. So, let me address that first.

Amazon S3 is a cheap, flexible and powerful way to store files. If you embed movies on your blog, for instance, using S3 makes a lot of sense.

But, there is a problem – anybody who knows what they’re doing can STEAL your content and do what they want with it. This isn’t a problem with S3. The problem is in how you interface with S3.

Amazon S3 Basics

No doubt, I have a lot of readers who don’t use S3 or have no idea what it is all about. So, let me address that first.

Amazon S3 is a hosted cloud storage solution brought to you by – surprise! – Amazon. Being a cloud solution, it simply means that it is hosted storage on the Internet and that it is spread around among multiple servers worldwide. What does this mean? Plenty of bandwidth and essentially no chance of losing the information. You’re essentially hosting files with the same system Amazon uses for it’s own sites.

Most bloggers who use S3 use it to host files which are heavily in demand or very large. For example, if you want to host a video file on your blog, it could be a very large file. Streaming it from your web server eats up a lot of bandwidth, plus the server resources it takes up can work your server very hard. Multiply that by a lot of simultaneous web traffic and you can easily bring a server to it’s knees, begging for mercy. At the very least, you’re going to get a nastygram from your web host or be hit with expensive bandwidth overage fees.

So, you use S3. Typically, I use the S3Fox plug-in for Firefox to put files on S3. And then I can embed stuff on the blog.

But, that’s where the kicker comes in…

Letting Your Junk Hang Out

When you put a file on S3, you have to set permissions for the file. Typically, most people open up read permissions so that everyone can access the file. You then go and embed it on your site.

S3 Firefox OrganizerWhat happens if you want people to HAVE to be on your website in order to access the video?

For example, you have a membership site. You don’t want people to be able to rip your videos and redistribute them, right? With the regular way of using S3, people can do that. They just look at your HTML code, find the path to Amazon, and copy/paste the URL.

Now people don’t even need to pay you to view your private content. Not cool. Not cool at all.

Your Solution

Amazon S3 has a built-in way to have controlled access to a file. That said, it is a pain in the ass to use. It requires some PHP programming and who has time for that, right?

The easiest option I’ve found is S3FlowShield.

S3FlowShield is a simple Wordpress plug-in, however it does quite a bit of things for you.

  • Securely link to any file on Amazon S3
  • Prevents hot-linking (people copying your S3 URLs and using them from other sites)
  • Full Flash player built-in, making it easy to display videos “in house” without depending on sites like Youtube (which are public anyway)
  • Flexibility to use any player you want (if you don’t like the built-in one)
  • Securely link to MP3 files (with player)
  • Securely link to downloadable files (great for selling things on your blog and not worrying about people being able to swipe the link and post it somewhere else)

MaxBlogPress Ninja Affiliate ‹ David Risley dot com — WordPress

The license for this plug-in is also multi-site, so you can use it as many times as you want.

Trust me, guys. This is a great plug-in and it works.

And here’s the thing… if you want to have a SECURE membership site with Wordpress, go and use the Wishlist Member plug-in for the membership site, and S3FlowShield to fully secure your content so non-members cannot get to it – ever. It is a true “out of box” solution for Wordpress. All you have left to do is make the content.

My Final Thoughts

If you have ANY content on Amazon S3 that you want controlled access to, you need the S3FlowShield plug-in.

Don’t make the mistake, either, of just saying you’ll host your files locally and avoid the problem. That won’t work. The problem is that the file URLs are easily copy/paste ready. Doesn’t matter if the files are located on your own server or on S3, they’re still wide open unless they are secured down.

Like I said, it can be done manually, but you’ll need to be a programming wizard to figure it out. I simply don’t have time for it, so I am an owner of S3FlowShield and I’m using it for my Inner Circle program (and soon to be others, too).

I’m glad to have S3FlowShield as a tool in my arsenal. Which is why I gladly recommend it to you.

Free Membership Will Get You...

Ability to participate in our forum community, access to exclusive downloads in the library, plus an exclusive subscription to THE EDGE. Sent each Monday, The EDGE will keep you on the cutting edge of Wordpress-based business.

Responses

  1. I've noticed a lot of the big names in blogging host commercial videos (launch stuff) with Amazon S3. I realize it's probably the most cost effective way, but it fairly slow. I wonder if that effects sales/opt-ins at all.

  2. Hmmm. This gives me a lot to think about. On the membership sites I've worked on the videos have been hosted locally. I've been considering Amazon S3 for a soon to be launched site and hadn't even considered the security issues with it yet. Glad I found this article. Thanks!

  3. Hey David,I wrote a PHP script that integrates with Wordpress so that only people who are logged in can view the video. It has the same solution you do, except without the added complexity of S3. (I host all my own videos on my VPS.)Lisa has a copy of it, so you can ask her if you want it. It's simple to set up and use, and it's what I'm using on my sites.Wishlist are slackers in this area. I emailed them and they claimed to have it in the works, so I decided not to sell the script…but they haven't yet come out with it. In fact, they don't seem to have done a new version in months. Wonder what's going on over there.-Erica

  4. Yeah, Joe pretty much stated it. But, the issue, too, is dealing with unscrupulous people. What if somebody buys into your site, gets access to the content, views the HTML source code to the video, spreads it around the Internet, then asks for a refund? You'll never know.

    Wishlist can control access to the material, but once they're in, the person can do whatever they want. This plug-in makes it so that if somebody redistributed the direct S3 link around the Internet, it would do no good at all. It just wouldn't work.

  5. Wishlist makes all of your posts and pages secure, but they don't host your files, so if you're wanting to host them on S3 rather than your website's server, you'll have to find a way to make sure THOSE files are protected. I think I heard rumors that they were going to incorporate some sort of S3 protection into Wishlist at some point, though.

  6. Does Wishlist Member not make things secure out of the box? If they don't doesn't that seem like an oversight / mistake on their part?

  7. As far as I can tell they can't see the URL. They click the URL I give them, then the zip download just starts. I'm sure it's not as secure as this plug-in, though. 🙂

  8. Interesting approach. And people cannot see the S3 URL at all?

    And, yeah, the real power of the S3FlowShield plug-in is in multimedia streaming. So many membership sites these days are using video and MP3 streaming, and this will secure it all quite well.

  9. Thanks for this, David.

    I use Wishlist Member, Wordpress, and Headway to run my membership sites. To create secure downloads, I create a page in wordpress that redirects to the zip file URL on the S3 server. I then make that page a members-only page (in Wishlist Member), so if members share the URL with anyone, they can't access it unless they're logged in. So members don't see the actual URL, and the URL doesn't work for non-members.

    This obviously doesn't work for streaming…but it's a nice way to secure download files without adding another plug-in.

Join The Community (For Free). You'll Get...​

Related Articles You Might Like

Create Your FREE Account!

Join and participate in the community, access exclusive resources in the Document Vault, and get a free subscription to THE EDGE.

Your membership is free for life.