Storage for EDD via S3-Compatible is a powerful extension for Easy Digital Downloads that allows you to store and deliver your digital products using S3-compatible storage services. This plugin provides seamless integration with various S3-compatible storage providers including MinIO, DigitalOcean Spaces, Linode Object Storage, and many others.<\/p>\n\n
This plugin connects to your configured S3-compatible storage service to manage files, create download links, and handle file transfers.<\/p>\n\n
It sends the necessary authentication signatures and file requests to your S3 provider's servers. This happens when you browse your S3 files in the dashboard, upload files, or when a customer downloads a file.<\/p>\n\n
For support and bug reports, please use the WordPress.org plugin support forum.<\/p>\n\n
If you find this plugin helpful, please consider leaving a review on WordPress.org.<\/p>\n\n
Looking for a different storage provider? Check out our other plugins:<\/p>\n\n
This plugin does not collect or store any personal data. All file storage and delivery is handled through your configured S3-compatible storage service.<\/p>\n\n\n
\/wp-content\/plugins\/storage-for-edd-via-s3-compatible<\/code> directory, or install the plugin through the WordPress plugins screen directly.<\/li>\n- Make sure you have Easy Digital Downloads plugin installed and activated.<\/li>\n
- Run
composer install<\/code> in the plugin directory if installing from source (not needed for release versions).<\/li>\n- Activate the plugin through the 'Plugins' screen in WordPress.<\/li>\n
- Navigate to Downloads > Settings > Extensions > S3 Storage to configure the plugin.<\/li>\n<\/ol>\n\n\n
\nWhich S3-compatible services are supported?<\/h3><\/dt>\nThis plugin works with any S3-compatible storage service including:\n* Amazon S3\n* DigitalOcean Spaces\n* Linode Object Storage\n* Wasabi\n* Backblaze B2 (with S3-compatible API)\n* Cloudflare R2\n* MinIO\n* Storj\n* ArvanCloud\n* Hetzner Object Storage\n* And many others<\/p><\/dd>\n
How secure are the download links?<\/h3><\/dt>\nThe plugin generates presigned URLs with configurable expiration times (default 3 minutes). These URLs are temporary and cannot be shared or reused after expiration, ensuring your digital products remain secure.<\/p>\n\n
For enhanced security, the plugin enforces timeout limits:\n* Minimum expiry time: 1 minute (ensures links work for legitimate downloads)\n* Maximum expiry time: 60 minutes (prevents long-term unauthorized access)\n* Even if you try to set values outside this range, the plugin automatically adjusts them to stay within safe limits<\/p>\n\n
This prevents abuse scenarios such as:\n* Links that expire too quickly (0 minutes)\n* Links that remain valid for days or weeks\n* Unauthorized long-term access to your digital products<\/p><\/dd>\n
What file types are supported for upload?<\/h3><\/dt>\nThe plugin supports safe file types including:\n* Archives: ZIP, RAR, 7Z, TAR, GZ\n* Documents: PDF, DOC, DOCX, TXT, RTF, XLS, XLSX, CSV, PPT, PPTX\n* Images: JPG, JPEG, PNG, GIF, WEBP\n* Audio: MP3, WAV, OGG, FLAC, M4A\n* Video: MP4, AVI, MOV, WMV, FLV, WEBM\n* E-books: EPUB, MOBI, AZW, AZW3\n* Web files: CSS, JS, JSON, XML<\/p>\n\n
Dangerous file types (executables, scripts) are automatically blocked for security.<\/p><\/dd>\n
How does the plugin validate uploaded files?<\/h3><\/dt>\nThe plugin implements multiple layers of security validation:<\/p>\n\n
\n- Extension Validation<\/strong>: Checks file extensions against a whitelist of allowed types<\/li>\n
- MIME Type Validation<\/strong>: Validates the actual file content type (not just the extension) to prevent file type spoofing<\/li>\n
- Content-Type Matching<\/strong>: Ensures the file extension matches the actual MIME type to detect malicious files with fake extensions<\/li>\n
- Size Validation<\/strong>: Enforces WordPress upload size limits<\/li>\n
- Nonce Verification<\/strong>: Protects against CSRF attacks<\/li>\n<\/ul>\n\n
This multi-layered approach prevents attackers from uploading malicious files disguised with safe extensions (e.g., a PHP file renamed to .jpg).<\/p><\/dd>\n
Can I browse existing files in my S3 storage?<\/h3><\/dt>\nYes, the plugin includes an S3 Library feature that allows you to browse and select existing files from your S3 bucket directly within the WordPress admin interface.<\/p><\/dd>\n
Can I customize the URL prefix for S3 files?<\/h3><\/dt>\nYes, developers can customize the URL prefix using the s3cs_edd_url_prefix<\/code> filter. Add this code to your theme's functions.php:<\/p>\n\nfunction customize_s3_url_prefix($prefix) {\n return 'edd-myprefix:\/\/'; \/\/ Change to your preferred prefix\n}\nadd_filter('s3cs_edd_url_prefix', 'customize_s3_url_prefix');\n<\/code><\/pre><\/dd>\nCan I customize the allowed file types (MIME types)?<\/h3><\/dt>\nYes, developers can customize the allowed MIME types using the s3cs_edd_allowed_mime_types<\/code> filter. Add this code to your theme's functions.php:<\/p>\n\nfunction customize_allowed_mime_types($mime_types) {\n \/\/ Add custom MIME types\n $mime_types[] = 'application\/x-rar'; \/\/ Add RAR support\n $mime_types[] = 'video\/x-matroska'; \/\/ Add MKV video support\n\n \/\/ Or remove specific MIME types\n $mime_types = array_diff($mime_types, array('video\/x-flv')); \/\/ Remove FLV\n\n return $mime_types;\n}\nadd_filter('s3cs_edd_allowed_mime_types', 'customize_allowed_mime_types');\n<\/code><\/pre><\/dd>\n\n<\/dl>\n\n\n1.2.0<\/h4>\n\n\n- Major Refactor: Replaced legacy iframe browser with modern AJAX implementation for improved performance.<\/li>\n
- Fixed: Critical issue where S3 uploads were considered successful despite 4xx\/5xx HTTP errors.<\/li>\n
- Fixed: Signature mismatch in download presigned URLs for files with special characters or spaces.<\/li>\n
- Added: Strict pre-upload file validation (hash, size, and stream) for enhanced reliability.<\/li>\n
- Security: Sanitized
response-content-disposition<\/code> header in download links to prevent header injection.<\/li>\n<\/ul>\n\n1.1.10<\/h4>\n\n\n- Improved: UI styles and enhanced layout consistency for better harmony.<\/li>\n
- Improved: Comprehensive code improvements and stability optimizations.<\/li>\n
- Added: Skeleton loader with shimmer animation for better UX while loading S3 browser modal.<\/li>\n<\/ul>\n\n
1.1.9<\/h4>\n\n\n- Updated: Guzzle HTTP library to version 7.10.0 for PHP 8.5 compatibility.<\/li>\n<\/ul>\n\n
1.1.8<\/h4>\n\n\n- Use wp_enqueue commands: Replaced inline and in includes\/class-media-library.php (admin media library)<\/li>\n<\/ul>\n\n
1.1.7<\/h4>\n\n\n- Added: New \"Browse\" button next to file inputs for easier file selection.<\/li>\n
- Improved: Modernized file browser UI with a dedicated modal window.<\/li>\n
- Improved: File browser is now context-aware, opening directly to the selected file's folder.<\/li>\n
- Improved: Browse button is automatically hidden if the plugin is not configured.<\/li>\n
- Improved: Removed legacy \"S3 Library\" tab from the standard WordPress media uploader for a cleaner interface.<\/li>\n<\/ul>\n\n
1.1.6<\/h4>\n\n\n- Added: Native search input type with clear (\"X\") icon support for a cleaner UI.<\/li>\n
- Improved: Mobile breadcrumb navigation with path wrapping for long directory names.<\/li>\n
- Improved: Reduced separator spacing in breadcrumbs on mobile devices.<\/li>\n
- Improved: Standardized header row spacing and title font sizes for UI consistency.<\/li>\n
- Improved: Enhanced notice detail styling for better error\/success message readability.<\/li>\n
- Security: Standardized use of wp_json_encode() for client-side data.<\/li>\n
- Cleaned: Removed unused \"Owner\" metadata logic and legacy CSS rules.<\/li>\n<\/ul>\n\n
1.1.5<\/h4>\n\n\n- Improved: Media library table styling for more consistent file and folder display.<\/li>\n
- Improved: Redesigned folder rows with better icons and refined hover effects.<\/li>\n
- Improved: Enhanced mobile responsiveness for the file browser table.<\/li>\n
- Fixed: Corrected file name and path display order in the media library.<\/li>\n<\/ul>\n\n
1.1.4<\/h4>\n\n\n- Added: Breadcrumb navigation in file browser - click any folder in the path to navigate directly.<\/li>\n
- Improved: Integrated search functionality directly into the breadcrumb navigation bar for a cleaner UI.<\/li>\n
- Improved: Better navigation experience without needing the Back button.<\/li>\n
- Improved: Enhanced styling for search inputs and buttons, including compact padding.<\/li>\n
- Fixed: RTL layout issues for breadcrumbs and navigation buttons.<\/li>\n
- Cleaned: Removed legacy CSS and unused search container elements.<\/li>\n<\/ul>\n\n
1.1.3<\/h4>\n\n\n- Changed: Merged Upload tab into Library tab for a unified experience.<\/li>\n
- Improved: Upload form toggles with a button in the header row.<\/li>\n
- Improved: Back button moved to header row with new styling (orange for Upload, blue for Back).<\/li>\n
- Improved: Success notice no longer persists after navigating back in the media library.<\/li>\n
- Fixed: Critical issue with S3 uploads to folders with spaces in their names (AWS Signature V4 mismatch).<\/li>\n
- Improved: Better RTL support for styling and layout.<\/li>\n<\/ul>\n\n
1.1.2<\/h4>\n\n\n- Fixed: Removed non-prefixed global variable to comply with WordPress coding standards.<\/li>\n
- Improved: Optimized admin settings to only fetch bucket list when viewing the S3 settings section, preventing unnecessary API calls on other EDD settings pages.<\/li>\n<\/ul>\n\n
1.1.1<\/h4>\n\n\n- Improved: File display in S3 Library now shows filename prominently with path as a subtle subtitle for better readability.<\/li>\n
- Improved: Enhanced visual hierarchy in file listings with larger, bolder filenames and cleaner path display.<\/li>\n
- Improved: Better responsive design for file display on mobile and tablet devices.<\/li>\n
- Improved: Simplified file path styling with better contrast and spacing for improved user experience.<\/li>\n
- Security: Enforced timeout limits for presigned URLs (minimum 1 minute, maximum 60 minutes) to prevent abuse and ensure reasonable download link expiration.<\/li>\n
- Security: Enhanced endpoint URL validation with SSRF protection, blocking private IP addresses, localhost, and internal networks to prevent server-side request forgery attacks.<\/li>\n
- Security: Added comprehensive Content-Type (MIME type) validation to prevent file type spoofing attacks where malicious files are disguised with safe extensions.<\/li>\n
- Security: Implemented multi-layered file validation including extension matching, MIME type verification, and content-type header validation for S3 uploads.<\/li>\n
- Security: Added filter hook (s3cs_edd_allowed_mime_types) to allow developers to customize allowed MIME types while maintaining security.<\/li>\n<\/ul>\n\n
1.1.0<\/h4>\n\n\n- Added: URL prefix customization hook (
s3cs_edd_url_prefix<\/code> filter) for improved developer flexibility.<\/li>\n- Added: Search functionality for S3 Library with real-time file filtering.<\/li>\n
- Added: Clear search button and keyboard shortcuts (Ctrl+F\/Cmd+F) for enhanced user experience.<\/li>\n
- Improved: S3 Library interface with modern search container styling.<\/li>\n<\/ul>\n\n
1.0.9<\/h4>\n\n\n- Security: Added capability-based access control for S3 media library and upload functionality<\/li>\n
- Security: Removed debug console.log statements to prevent file path exposure<\/li>\n
- Security: Removed admin_post_nopriv_s3cs_upload action hook to restrict upload access to logged-in users only<\/li>\n
- Security: Removed SVG from allowed file extensions to prevent XSS attacks via malicious SVG files<\/li>\n
- Security: Replaced raw S3 error message display with generic user-friendly messages while logging detailed errors for debugging<\/li>\n
- Security: Reduced XML parser logging to prevent sensitive server response data exposure in logs<\/li>\n
- Security: Removed \"No Auth\" fallback from authentication methods to prevent unauthenticated requests<\/li>\n
- Security: Deleted unused
makeRequestWithoutAuth<\/code> method to enhance security posture<\/li>\n<\/ul>\n\n1.0.8<\/h4>\n\n\n- Added: File type validation with enhanced security against dangerous file uploads<\/li>\n
- Added: Translators comments for all internationalization strings with placeholders<\/li>\n
- Improved: Better internationalization support for translators<\/li>\n
- Improved: Debug logging now uses WordPress standards with proper sanitization<\/li>\n
- Fixed: All output from internationalization functions properly escaped to prevent XSS vulnerabilities<\/li>\n
- Fixed: Proper nonce verification for all form data processing to prevent CSRF attacks<\/li>\n
- Fixed: Removed production-unsafe debug code and replaced with WordPress-compatible logging<\/li>\n<\/ul>\n\n
1.0.7<\/h4>\n\n\n- Automatically prepended
https:\/\/<\/code> to Endpoint URL to prevent XML parsing errors.<\/li>\n- Improved Endpoint URL validation and user guidance.<\/li>\n
- XML parsing errors in S3 client and media library functions.<\/li>\n<\/ul>\n\n
1.0.6<\/h4>\n\n\n- Centralized version management using S3CS_EDD_VERSION constant<\/li>\n
- Updated Persian translation files<\/li>\n<\/ul>\n\n
1.0.5<\/h4>\n\n\n- Removed: Dark mode support to simplify styling and improve consistency across all themes.<\/li>\n<\/ul>\n\n
1.0.4<\/h4>\n\n\n- Fixed: Responsive S3 file selection now displays file name, size, date, and select button on mobile.<\/li>\n<\/ul>\n\n
1.0.3<\/h4>\n\n\n- Fixed
WP_Scripts::localize<\/code> error by using wp_add_inline_script()<\/code> for non-array values.<\/li>\n- Separated all inline JavaScript into dedicated
.js<\/code> files for better maintainability and performance.<\/li>\n- Separated inline CSS into dedicated
.css<\/code> files.<\/li>\n<\/ul>\n\n1.0.2<\/h4>\n\n\n- Enhanced S3 upload section styling for a modern look and improved user experience.<\/li>\n
- Improved responsive design for better display on various screen sizes.<\/li>\n
- Refined the display of the current directory\/bucket name in the S3 upload section.<\/li>\n<\/ul>\n\n
1.0.1<\/h4>\n\n\n- Added a non-dismissible admin notice to alert users when S3 Access Key or Secret Key are not configured, with a direct link to settings.<\/li>\n
- Added Persian language support.<\/li>\n
- Implemented direct file download functionality, preventing files like JSON or text from opening in the browser and forcing download.<\/li>\n<\/ul>\n\n
1.0.0<\/h4>\n\n\n- Initial release<\/li>\n
- S3-compatible storage integration<\/li>\n
- Secure presigned URL generation<\/li>\n
- Media library integration<\/li>\n
- File upload functionality<\/li>\n
- Admin settings interface<\/li>\n
- Security enhancements and validation<\/li>\n
- Internationalization support<\/li>\n<\/ul>","raw_excerpt":"Enable secure cloud storage and delivery of your digital products through S3-compatible services for Easy Digital Downloads.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/242235","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=242235"}],"author":[{"embeddable":true,"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/mohammadr3z"}],"wp:attachment":[{"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=242235"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=242235"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=242235"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=242235"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=242235"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=242235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}