What is the best way to protect a page offering a free download after a viewer has filled out a form? I am using Contact Form 7 and Download Monitor on a Genesis theme. Some of the things that came to my mind are a session variable, referer or a hidden form field. We don't want the page to be accessed directly.
I am currently using Get variables and a hidden form field, but, the url with the variables could still be shared. It is a "free" download, so the goal is not iron clad security, but, just wasn't sure if other method might be better.
Thank you!
What is the best way to protect a page offering a free download after a viewer has filled out a form? I am using Contact Form 7 and Download Monitor on a Genesis theme. Some of the things that came to my mind are a session variable, referer or a hidden form field. We don't want the page to be accessed directly.
I am currently using Get variables and a hidden form field, but, the url with the variables could still be shared. It is a "free" download, so the goal is not iron clad security, but, just wasn't sure if other method might be better.
Thank you!
If you want something that's simple, but not highly secure, a field you pass from the form to the download page is fairly common. Anyone with that field could get to your download page, but most people won't know to look. If you can do this with post data instead of a get request, it's even better.
The next step up would be to verify information on the form was submitted successfully during this process. For example, check to see if the email address was successfully submitted and then display the download. This would require someone to guess an email that's already been submitted to get the download.
Finally, with Download Monitor you can generate a unique url per person. This would allow you to generate this url when the form is submitted. This would allow only one person to have the download url and download the file.
Additional notes: I would avoid sessions since WordPress doesn't work with those natively, but cookies would be fine. I would check to make sure all this works via caching, if you have that set up.
