A couple of weeks ago I was working on the weekend to update the Virtual Fitness website and I had the need for some very specific things to get done what I needed, so I did what every good technical person does. I asked the Google for help and here is what I came to find out based on these two requirements I had.
- I wanted to restrict access to certain pages only to site members
- I needed to protect media content links from being shared
- Disable Plugins on a per page basis
- Limit Login attempts
These seemed like two pretty big things to try to accomplish with just WordPress Plugins, but I actually found two that fit the bill AND they were not very expensive at all. So to keep it simple here are the two I landed on and I will give a brief overview of each.
WordPress Plugins #1 – Restrict Content Pro
This plugin is just simply fantastic! For a long time I have run a WordPress network install and one of the biggest headaches is the user registration. This plugin not only solves THAT problem, but it also as fully membership capabilities. You can see my example here on the new Virtual Fitness Registration Page. It’s 100% connected to PayPal, and is so easy to use it’s awesome. personally I also went ahead and added SSL on the pages where the registration and the other login pages were. That led to another problem where I needed to disable plugins that were not allowing SSL only, I will get into that later.
This just works, and has the flexibility to restrict by page or specific content on the page. It even manages the subscription expiration and other items you may need for your Members Only area of your WordPress site. At only $42 it’s well worth the money and the developer’s support is top-notch!
WordPress Plugins #2 – S3 Media Maestro
This is a pretty new plugin and currently is still being added to by the guys at Fly Plugins. However, it does exactly what it says it will do and it issues content downloads in the form of media like Audio or Video to an HTML5 player with expiration on the media. It is all using Amazon S3 to do so, and this means you don’t need to open your S3 Bucket to the world. Therefore the backend links are not useable after the page has loaded. It does have the ability to also do non S3 media, but it’s not going to be “protected”. Being a technical guy I have requested a few additions and again the developers are great. Some things I asked for were:
- CloudFront Distribution Protection with an S3 Bucket
- SSL intelligence on the S3 URL when a page is loaded in SSL
- Non-S3 protection
So far they have been very responsive to the ideas and personally I think more plugin developers need to listen to their users. They are even nice enough to provide some support to me in a multi-site network even though technically they have not tested it. So far it’s working great and the HTML5 player works perfectly on the iOS devices so KUDOS to the fly guys at Fly Plugins. You also cannot beat the price at $27.
UPDATE 4/20/2013: Something I learned today is that Amazon S3 does not have a content type to automatically associate the video file types when you add them to your bucket. This does not matter for all browsers EXCEPT the evil internet explorer. So if you upload files to S3 that are MP4, M4V or other type you need to edit the context as shown below to the proper file type of video/mp4 or other proper file type depending on the one you are using.
I actually wen and downloaded 3Hub as that allows you to add custom file types for association on upload and I will be testing it to make sure it works on my next file upload.
WordPress Plugins #3 – Plugin Organizer
Okay seriously, I wish I found this one MONTHS ago, and the best part…it’s FREE. This this has a LOT of power for you to not only disable plugins per page, but even sort the order in which they LOAD on your WordPress site. At the end of the day I found on my SSL pages three plugins were not using HTTP even with the WordPress HTTPS plugin running. I needed to simply just disable than and frankly the plugins I disabled were not a big deal on a login form, or registration form. This little gem solved the problem right quick.
If you have a need to do something similar do install this one and give it a try
WordPress Plugins #4 – Limit Login Attempts
There has been a lot of buzz about recent WordPress Brute Force Attacks, and I went digging and found this plugin. It does exactly what it says it does and sets up a limit on the login attempts to the site. You can setup lockouts, and even notify the administrator of a lockout situation. I have not tried to lock myself out yet, but overall this is just a good idea of a plugin. I may look for one that forces a password change as well for my subscribers. I’m not sure about that yet, but take a look at this one just to be safe.
UPDATED: Okay so you know, this thing WORKS and it works well, check out the information below from the logs today.
16 failed login attempts (2 lockout(s)) from IP: 18.104.22.168
Last user attempted: admin
IP was blocked for 20 minutes