I have been hunting the Internet for hrs searching for an answer with with only partial and non-functioning methods to show for my efforts.

The answer below appeared just like a great fix in the beginning it blocks my expensive player from being able to access the files. Could I only allow access from particular pages?:

< Files ~ "...">
order allow,deny
deny from all
< /Files>

The answer below appeared great in the beginning since it did not allow individuals to see the files within the directory but when the consumer knows the precise link to the background music file, they are able to download it:

SetHandler application/x-httpd-php
SetHandler application/x-shockwave-flash

Now, I discovered this post that forces a person to make a account information using htaccess however i dialog box appears when around the expensive player screen. It is possible to method for the page the send the login info with no user doing anything?

If the is not a safe and secure method, can someone advise a secure and relatively straight-forward approach to applying this restriction feature? Web addresses and good examples could be greatly appreciated

P.S. This can be a WordPress site, hence, I'm going to be using PHP like a programming language to implement any solution.

P.S. Searching to bar beginners from installing, NOT cyber-terrorist/crackers/internet magicians.


Since PHP can be obtained, utilize it to safeguard the files. Do not have them inside them within the web root, but somewhere that's available to PHP. Then produce a one-time-use URL like:

  $unique = md5( uniqid() );  // 32 hex characters

Then store that unique value within the session/server/db and also have another page validate the initial string just before streaming the file:

<a href="streamer.php?id=6dd4566eb245627b49f3abb7e4502dd6">Stream Me</a>

Make sure to expire that unique token following the first use (or possibly following a couple of occasions if you're feeling generous). It will not steer clear of the die-hards from taking the HTTP stream anyway, however it should prevent casual connecting.

Because The Rook highlights, you cannot get it for both. You cannot both give and never give your customers use of your computer data. Regardless of how complex your authentication plan becomes, competent customers will invariably have the ability to bypass it because to ensure that the Expensive player to operate they have to have qualifications. Personally, I believe the right option would be to identify that you simply can't prevent a determined user from saving your articles and merely allow them to. Should you insist upon which makes it harder, what solution fits your needs will be based upon what segment of customers you need to work against and just how much work you are prepared to put in implementation.

An easy solution is always to produce a one-time key every time you serve a viewer page after which serve this content via a PHP script that inspections it. This way the consumer a minimum of needs to load the viewer page for that content they need and look at its source to extract the important thing rather than just placing a URL within their browser's address bar. However, in case your site becomes whatsoever popular someone will most likely offer a script that does that instantly. For instance, see youtube-dl, a Python script that downloads YouTube videos.

Inside your publish you mention password safeguarding the files with Apache. It might be possible to achieve the Expensive player application submit HTTP authentication, however i doubt that any existing gamers support might modifying one to do this would require both sources and knowledge about ActionScript. Any solution which will survive such trivial attacks as reading through the page source will probably require modifying the ball player.