How do you mask MP4 or MP3 Source URLs or disallow downloads?

[roosevelt]

Hi,

I want to create a wordpress website with video tutorials. The website will contain free and premium contents. I want to add some protection to the premium content so a premium member cannot just download the MP4s or MP3s by looking at the source or use some kind of video downloader.

Is there any tool that can provide that protection or I'm pretty much out of luck?

Is there any service or a plugin that can do the job?

I do wish to use a HTML 5 player, so if needed the users can speedup or slowdown the playbacks. But most of the players I've found so far exposes the video source URL

Thanks,
Roosevelt

[Jack W]

Hey roosevelt!

Nice choice to use WordPress, how are you finding it?

Restricting direct file downloads is a tedious task, and does require some custom PHP, simply because there are many avenues to download an embedded file, such as:

• Obtaining the source from the video player (as you mentioned)
• Viewing the source code (right click -> view source)
• Recording the screen (yep, people do that...)

Let's focus on the first two points... so, the user is able to obtain the direct URL, alright. You'd need to create a new folder on your hosting account/server, call it something like "video-content", then, inside that folder, create a file named ".htaccess", in that file, put:

Order Deny,Allow
Deny from all

What does this do, you ask? Well, if someone now tries to access example.com/video-content/ - they'll receive a 403 Forbidden error. They won't be able too. Ah, but, now, if you embed your videos from this URL, anyone trying to view it will also get a Forbidden error. Well... this is where PHP comes in...

Inside the same folder where you made the video-content folder (so above video-content), create a file named "grab-video.php".

Inside this file, place this PHP code:

<?php get_header(); ?>

<?php

if( !empty( $_GET['video'] ) )
{
  // check if user is logged    
  if ( is_user_logged_in()
  {
    $videoName = preg_replace( '#[^-\w]#', '', $_GET['video'] );
    $videoContent = "{$_SERVER['DOCUMENT_ROOT']}/video-content/{$videoName}.mp3";
    if( file_exists( $videoContent ) )
    {
      header( 'Cache-Control: public' );
      header( 'Content-Description: File Transfer' );
      header( "Content-Disposition: attachment; filename={$videoContent}" );
      header( 'Content-Type: application/mp3' );
      header( 'Content-Transfer-Encoding: binary' );
      readfile( $videoContent );
      exit;
    }
  }
}
die( "That is an error, my friend. You need to be a member to access this." );

?>

<?php get_footer(); ?>

Now, if you save this file, then upload a video to /video-content/, then go to example.com/grab-video.php?video=VIDEO NAME HERE it will allow you to embed the video.

Since this embeds the video, still, you'd think they'd be able to grab the source, right? Nope. The first step, of using .htaccess, prohibited that, even if they do have the source URL.

What if they're not logged-in, though? Well, I added extra protection to that for you, is_user_logged_in is a WordPress function to check if they're currently logged-in, if so, they can view the video, otherwise they can't.

On top of that, I also included the get_header and get_footer WordPress functions - so that, if they aren't logged in, it will give the page the same design as your WordPress site.

Roundup:

• Person must be logged-in to view video
• Cannot download video, even if they have the URL
• Provides errors, caching (for performance) and WordPress design

Give that a go, and let me know if you need anything else!  It's a little late at night, so, if anything I've written gives an error, let me know and I'll fix it.