Amazon S3 is a cheap, flexible and powerful way to store files. If you embed movies on your blog, for instance, using S3 makes a lot of sense.
But, there is a problem – anybody who knows what they’re doing can STEAL your content and do what they want with it. This isn’t a problem with S3. The problem is in how you interface with S3.
Amazon S3 Basics
No doubt, I have a lot of readers who don’t use S3 or have no idea what it is all about. So, let me address that first.
Amazon S3 is a hosted cloud storage solution brought to you by – surprise! – Amazon. Being a cloud solution, it simply means that it is hosted storage on the Internet and that it is spread around among multiple servers worldwide. What does this mean? Plenty of bandwidth and essentially no chance of losing the information. You’re essentially hosting files with the same system Amazon uses for it’s own sites.
Most bloggers who use S3 use it to host files which are heavily in demand or very large. For example, if you want to host a video file on your blog, it could be a very large file. Streaming it from your web server eats up a lot of bandwidth, plus the server resources it takes up can work your server very hard. Multiply that by a lot of simultaneous web traffic and you can easily bring a server to it’s knees, begging for mercy. At the very least, you’re going to get a nastygram from your web host or be hit with expensive bandwidth overage fees.
So, you use S3. Typically, I use the S3Fox plug-in for Firefox to put files on S3. And then I can embed stuff on the blog.
But, that’s where the kicker comes in…
Letting Your Junk Hang Out
When you put a file on S3, you have to set permissions for the file. Typically, most people open up read permissions so that everyone can access the file. You then go and embed it on your site.
For example, you have a membership site. You don’t want people to be able to rip your videos and redistribute them, right? With the regular way of using S3, people can do that. They just look at your HTML code, find the path to Amazon, and copy/paste the URL.
Now people don’t even need to pay you to view your private content. Not cool. Not cool at all.
Amazon S3 has a built-in way to have controlled access to a file. That said, it is a pain in the ass to use. It requires some PHP programming and who has time for that, right?
The easiest option I’ve found is S3FlowShield.
S3FlowShield is a simple Wordpress plug-in, however it does quite a bit of things for you.
- Securely link to any file on Amazon S3
- Prevents hot-linking (people copying your S3 URLs and using them from other sites)
- Full Flash player built-in, making it easy to display videos “in house” without depending on sites like Youtube (which are public anyway)
- Flexibility to use any player you want (if you don’t like the built-in one)
- Securely link to MP3 files (with player)
- Securely link to downloadable files (great for selling things on your blog and not worrying about people being able to swipe the link and post it somewhere else)
The license for this plug-in is also multi-site, so you can use it as many times as you want.
Trust me, guys. This is a great plug-in and it works.
And here’s the thing… if you want to have a SECURE membership site with Wordpress, go and use the Wishlist Member plug-in for the membership site, and S3FlowShield to fully secure your content so non-members cannot get to it – ever. It is a true “out of box” solution for Wordpress. All you have left to do is make the content.
My Final Thoughts
If you have ANY content on Amazon S3 that you want controlled access to, you need the S3FlowShield plug-in.
Don’t make the mistake, either, of just saying you’ll host your files locally and avoid the problem. That won’t work. The problem is that the file URLs are easily copy/paste ready. Doesn’t matter if the files are located on your own server or on S3, they’re still wide open unless they are secured down.
Like I said, it can be done manually, but you’ll need to be a programming wizard to figure it out. I simply don’t have time for it, so I am an owner of S3FlowShield and I’m using it for my Inner Circle program (and soon to be others, too).
I’m glad to have S3FlowShield as a tool in my arsenal. Which is why I gladly recommend it to you.