Forum Replies Created
-
Posts
-
We’ve made some updates to our plugins that should help resolve the CAPTCHA issue with direct download options. Please update the main Simple Download Monitor plugin, as well as the Bot Protection with Turnstile addon (if you’re using that feature).
I’ve also sent you the details via email. Feel free to reply to that email if you have any questions.
Thank you. The settings look fine. We’re currently working on resolving the CAPTCHA compatibility issue with the addon(s). I’ll provide an update once that’s addressed and also check if any other adjustments are needed within the addon.
Thank you for the log. It looks like the email notification addon is not triggering anything in the log. Could you please check the settings page of the “Email Notification on Download” addon? Specifically, is the “Send Emails to Admin After a Download” option enabled?
It would be helpful if you could share a screenshot of the current configuration on that settings page. To facilitate this, please get in touch with us via our contact form on the website. That way, we can easily exchange screenshots and assist you further through our support email channel.
Enable the debug logging feature:
Then do a test download and share the log file so we can see if our addon is executing the notification email sending code or not.
We will probably need to make an update to the addon for those new features (those were added recently to our main plugin. I will check this and get back to you.
Can you please go to the plugins menu of your admin dashboard and let me know what is the current version of the squeeze form addon that your site is using?
We have released a new version of the plugin with the reCAPTCHA v3 option.
We also now have the following Cloudflare Turnstile CAPTCHA solution:
Using Cloudflare Turnstile CAPTCHA with the Simple Download Monitor
@wp25, Please note that when the hidden downloads addon is activated, it takes over the standard download handling for all regular download shortcodes, ensuring they are processed securely through the Secure Downloads addon. You can continue using the standard shortcodes provided by the main plugin as usual. It keeps the actual location of the file hidden.
However, if you’re concerned about users manipulating the download_id value, the only way to prevent that is by using the special shortcode provided by the Hidden Downloads addon. A regular text link setup isn’t viable in this case because it must include the download_id in the URL, which brings back the original concern you mentioned. Currently, the Hidden Downloads addon does not offer or advertise any special link-based solution for this scenario.
Please let me know if the following response on your other topic helps clarify how we’re currently approaching the CAPTCHA feature:
If this approach doesn’t work for your setup, let us know and we’ll make arrangements so you can switch to an alternative plugin.
Our plugin only outputs the CAPTCHA-related JavaScript code on the front-end of the site. It uses the
wp_enqueue_scriptshook, which is only executed on the front-end.So, it shouldn’t affect the standard WordPress back-end login page. However, if you’re using a plugin that adds a custom front-end login form, there could be a conflict.
We are currently working on adding new CAPTCHA options to the plugin, which will allow us to phase out the older v2 CAPTCHA.
A new CAPTCHA option should be available within the next few weeks. In the meantime, we recommend disabling v2 CAPTCHA, as it’s causing conflicts on your site. Once the new option is released, you can switch to that.
Let us know if that works for you.
If you’re experiencing attacks like the one you described, the most effective solution is to implement a server-level firewall. CAPTCHA won’t prevent the performance impact, as the page still needs to load before the CAPTCHA is triggered—meaning bot traffic can still strain your server. If you inform your hosting provider about the specific bot attacks, they can configure a firewall at the server level to block the traffic before it reaches your site, eliminating the load and preventing performance issues.
If you are using the PHP streaming option, then you need to try the various methods offered in the settings and see which one works for your server environment. If one of those methods work on your site, then the recommendation is to use that one. The following explanation should be helpful.
When using PHP streaming/dispatching for downloads, there is no universal method that works seamlessly across all server environments. The ability for PHP to handle file streaming depends on the server’s configuration, including factors like PHP execution mode, timeout settings, and security restrictions. If PHP streaming isn’t working on your setup, the best approach is to contact your hosting provider and request adjustments to the server environment to allow PHP-based file streaming to function correctly.
Hi, Currently, using CAPTCHA is the most effective bot protection method available in the plugin.
If you want to further restrict downloads to human users and block or ban abusive accounts, the most reliable approach is to combine CAPTCHA with a membership system and use the Enhanced File Protection Feature.
Restricting Download Access to Members Using WP eMember Plugin
Restricting Download Access to Members Using Simple Membership Plugin
Relying on IP-based blocking is not ideal in this context, as it can be easily bypassed by human users.
By default WordPress limits which file types you can upload. The following addon can be used to allow other files types to be uploaded to your site:
The following plugin is know to have conflicts with Our Simple Download Monitor:
In the “Downloads” menu, where all the downloads are listed, you’ll find a column labeled “ID.” This column displays the unique ID of each download item.
Additionally, when you’re in the “Edit” view of a download, scroll to the section labeled “Shortcodes.” From there, you can copy and paste the exact shortcode, which includes the correct ID for the download.
