WordPress.org

Español (Argentina)

Conseguí WordPress
WordPress.org

Plugin Directory

Storage for EDD via S3-Compatible

Storage for EDD via S3-Compatible

Por mohammadr3z
Descargar

Descripción

Storage for EDD via S3-Compatible is a powerful extension for Easy Digital Downloads that allows you to store and deliver your digital products using S3-compatible storage services. This plugin provides seamless integration with various S3-compatible storage providers including MinIO, DigitalOcean Spaces, Linode Object Storage, and many others.

Key Features

  • S3 Compatible Storage Support: Works with MinIO, DigitalOcean Spaces, Linode Object Storage, and other S3-compatible services
  • Secure File Delivery: Generates time-limited, secure download URLs with enforced timeout limits (1-60 minutes) for your digital products
  • Easy File Management: Upload files directly to S3 storage through WordPress admin
  • Media Library Integration: Browse and select files from your S3 storage within WordPress
  • Configurable Expiry: Set custom expiration times for download links with automatic validation
  • Customizable URL Prefix: Developers can customize the URL prefix (default: edd-s3cs://) using WordPress hooks
  • Security First: Built with WordPress security best practices including timeout enforcement and input validation
  • Developer Friendly: Clean, well-documented code with hooks and filters

Configuration

  1. Go to Downloads > Settings > Extensions > S3 Storage
  2. Enter your S3 credentials:
    • Access Key
    • Secret Key
    • Endpoint URL (e.g., https://s3.example.com)
    • Bucket Name
  3. Set the download link expiry time (in minutes, between 1-60 minutes)
  4. Save the settings

Usage

Uploading Files

  1. When creating or editing a download in Easy Digital Downloads
  2. Click on “Upload File” or “Choose File”
  3. Select the “Upload to S3” tab
  4. Choose your file and upload it directly to S3 storage
  5. The file URL will be automatically set with the S3 prefix

File Management

  • Use the “S3 Library” tab to browse existing files in your S3 storage
  • Files are organized by the path structure in your S3 bucket
  • Click “Select” to use an existing file for your download

Support

For support and bug reports, please use the WordPress.org plugin support forum.

If you find this plugin helpful, please consider leaving a review on WordPress.org.

Privacy Policy

This plugin does not collect or store any personal data. All file storage and delivery is handled through your configured S3-compatible storage service.

Capturas

  • Admin panel user interface
  • File selection from S3 storage section
  • File upload to S3 storage interface

Instalación

  1. Upload the plugin files to the /wp-content/plugins/storage-for-edd-via-s3-compatible directory, or install the plugin through the WordPress plugins screen directly.
  2. Make sure you have Easy Digital Downloads plugin installed and activated.
  3. Run composer install in the plugin directory if installing from source (not needed for release versions).
  4. Activate the plugin through the ‘Plugins’ screen in WordPress.
  5. Navigate to Downloads > Settings > Extensions > S3 Storage to configure the plugin.

Preguntas frecuentes

Which S3-compatible services are supported?

This plugin works with any S3-compatible storage service including:
* Amazon S3
* DigitalOcean Spaces
* Linode Object Storage
* Wasabi
* Backblaze B2 (with S3-compatible API)
* Cloudflare R2
* MinIO
* Storj
* ArvanCloud
* Hetzner Object Storage
* And many others

How secure are the download links?

The plugin generates presigned URLs with configurable expiration times (default 3 minutes). These URLs are temporary and cannot be shared or reused after expiration, ensuring your digital products remain secure.

For enhanced security, the plugin enforces timeout limits:
* Minimum expiry time: 1 minute (ensures links work for legitimate downloads)
* Maximum expiry time: 60 minutes (prevents long-term unauthorized access)
* Even if you try to set values outside this range, the plugin automatically adjusts them to stay within safe limits

This prevents abuse scenarios such as:
* Links that expire too quickly (0 minutes)
* Links that remain valid for days or weeks
* Unauthorized long-term access to your digital products

What file types are supported for upload?

The plugin supports safe file types including:
* Archives: ZIP, RAR, 7Z, TAR, GZ
* Documents: PDF, DOC, DOCX, TXT, RTF, XLS, XLSX, CSV, PPT, PPTX
* Images: JPG, JPEG, PNG, GIF, WEBP
* Audio: MP3, WAV, OGG, FLAC, M4A
* Video: MP4, AVI, MOV, WMV, FLV, WEBM
* E-books: EPUB, MOBI, AZW, AZW3
* Web files: CSS, JS, JSON, XML

Dangerous file types (executables, scripts) are automatically blocked for security.

How does the plugin validate uploaded files?

The plugin implements multiple layers of security validation:

  • Extension Validation: Checks file extensions against a whitelist of allowed types
  • MIME Type Validation: Validates the actual file content type (not just the extension) to prevent file type spoofing
  • Content-Type Matching: Ensures the file extension matches the actual MIME type to detect malicious files with fake extensions
  • Size Validation: Enforces WordPress upload size limits
  • Nonce Verification: Protects against CSRF attacks

This multi-layered approach prevents attackers from uploading malicious files disguised with safe extensions (e.g., a PHP file renamed to .jpg).

Can I browse existing files in my S3 storage?

Yes, the plugin includes an S3 Library feature that allows you to browse and select existing files from your S3 bucket directly within the WordPress admin interface.

Can I customize the URL prefix for S3 files?

Yes, developers can customize the URL prefix using the s3cs_edd_url_prefix filter. Add this code to your theme’s functions.php:

function customize_s3_url_prefix($prefix) {
    return 'edd-customprefix://'; // Change to your preferred prefix
}
add_filter('s3cs_edd_url_prefix', 'customize_s3_url_prefix');

Can I customize the allowed file types (MIME types)?

Yes, developers can customize the allowed MIME types using the s3cs_edd_allowed_mime_types filter. Add this code to your theme’s functions.php:

function customize_allowed_mime_types($mime_types) {
    // Add custom MIME types
    $mime_types[] = 'application/x-rar'; // Add RAR support
    $mime_types[] = 'video/x-matroska'; // Add MKV video support

    // Or remove specific MIME types
    $mime_types = array_diff($mime_types, array('video/x-flv')); // Remove FLV

    return $mime_types;
}
add_filter('s3cs_edd_allowed_mime_types', 'customize_allowed_mime_types');

Reseñas

Works Perfectly with S3

10 de septiembre de 2025
Worked perfectly, connected to my S3 storage without issues and solved my EDD file hosting needs. Exactly what I needed!
Leer todas las 2 reseñas

Colaboradores y desarrolladores

“Storage for EDD via S3-Compatible” es un software de código abierto. Las siguientes personas han colaborado con este plugin.

Colaboradores

“Storage for EDD via S3-Compatible” ha sido traducido a 2 idiomas. Gracias a los traductores por sus contribuciones.

Traduce “Storage for EDD via S3-Compatible” a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN , o suscríbete al log de desarrollo por RSS .

Registro de cambios

1.1.1

  • Improved: File display in S3 Library now shows filename prominently with path as a subtle subtitle for better readability.
  • Improved: Enhanced visual hierarchy in file listings with larger, bolder filenames and cleaner path display.
  • Improved: Better responsive design for file display on mobile and tablet devices.
  • Improved: Simplified file path styling with better contrast and spacing for improved user experience.
  • Security: Enforced timeout limits for presigned URLs (minimum 1 minute, maximum 60 minutes) to prevent abuse and ensure reasonable download link expiration.
  • Security: Enhanced endpoint URL validation with SSRF protection, blocking private IP addresses, localhost, and internal networks to prevent server-side request forgery attacks.
  • Security: Added comprehensive Content-Type (MIME type) validation to prevent file type spoofing attacks where malicious files are disguised with safe extensions.
  • Security: Implemented multi-layered file validation including extension matching, MIME type verification, and content-type header validation for S3 uploads.
  • Security: Added filter hook (s3cs_edd_allowed_mime_types) to allow developers to customize allowed MIME types while maintaining security.

1.1.0

  • Added: URL prefix customization hook (s3cs_edd_url_prefix filter) for improved developer flexibility.
  • Added: Search functionality for S3 Library with real-time file filtering.
  • Added: Clear search button and keyboard shortcuts (Ctrl+F/Cmd+F) for enhanced user experience.
  • Improved: S3 Library interface with modern search container styling.

1.0.9

  • Security: Added capability-based access control for S3 media library and upload functionality
  • Security: Removed debug console.log statements to prevent file path exposure
  • Security: Removed admin_post_nopriv_s3cs_upload action hook to restrict upload access to logged-in users only
  • Security: Removed SVG from allowed file extensions to prevent XSS attacks via malicious SVG files
  • Security: Replaced raw S3 error message display with generic user-friendly messages while logging detailed errors for debugging
  • Security: Reduced XML parser logging to prevent sensitive server response data exposure in logs
  • Security: Removed “No Auth” fallback from authentication methods to prevent unauthenticated requests
  • Security: Deleted unused makeRequestWithoutAuth method to enhance security posture

1.0.8

  • Added: File type validation with enhanced security against dangerous file uploads
  • Added: Translators comments for all internationalization strings with placeholders
  • Improved: Better internationalization support for translators
  • Improved: Debug logging now uses WordPress standards with proper sanitization
  • Fixed: All output from internationalization functions properly escaped to prevent XSS vulnerabilities
  • Fixed: Proper nonce verification for all form data processing to prevent CSRF attacks
  • Fixed: Removed production-unsafe debug code and replaced with WordPress-compatible logging
  • Changed: Default download link expiry reduced to 3 minutes for better security

1.0.7

  • Automatically prepended https:// to Endpoint URL to prevent XML parsing errors.
  • Improved Endpoint URL validation and user guidance.
  • XML parsing errors in S3 client and media library functions.

1.0.6

  • Centralized version management using S3CS_EDD_VERSION constant
  • Updated Persian translation files

1.0.5

  • Removed: Dark mode support to simplify styling and improve consistency across all themes.

1.0.4

  • Fixed: Responsive S3 file selection now displays file name, size, date, and select button on mobile.

1.0.3

  • Fixed WP_Scripts::localize error by using wp_add_inline_script() for non-array values.
  • Separated all inline JavaScript into dedicated .js files for better maintainability and performance.
  • Separated inline CSS into dedicated .css files.

1.0.2

  • Enhanced S3 upload section styling for a modern look and improved user experience.
  • Improved responsive design for better display on various screen sizes.
  • Refined the display of the current directory/bucket name in the S3 upload section.

1.0.1

  • Added a non-dismissible admin notice to alert users when S3 Access Key or Secret Key are not configured, with a direct link to settings.
  • Added Persian language support.
  • Implemented direct file download functionality, preventing files like JSON or text from opening in the browser and forcing download.

1.0.0

  • Initial release
  • S3-compatible storage integration
  • Secure presigned URL generation
  • Media library integration
  • File upload functionality
  • Admin settings interface
  • Security enhancements and validation
  • Internationalization support

Meta

Valoraciones

5 de 5 estrellas.

Agregar mi reseña

Ver todas las reseñas

Colaboradores

Soporte

¿Tenés algo que decir? ¿Necesitás ayuda?

Ver el foro de asistencia