PHP Auto Update Script 1.4 enables authors to easily upload and store their scripts outside web server directory for even greater security.
Today, we are happy to announce the availability of PHP Auto Update Script 1.4; the biggest upgrade to PHP self-update system yet. Here are the main highlights of new version:
Added: option to upload and store files outside PHP Auto Update Script;
Added: secure file downloader in administration dashboard;
Here’s the truth: option to store files outside web server directory existed since v1.0. However, it was like undocumented feature; therefore, very few users discovered and took advantage of it. Since version 1.4 makes this feature officially supported, let’s see how new platform works and what benefits it offers.
So hat is web server directory after all? It’s the directory where software author hosts PHP self-update system itself. Usually, it’s a directory named /httpdocs, /public_html, or /www, containing website’s files. For example, if you have WordPress installed at /home/myusername/public_html/mydomain.com/wordpress, whole /public_html directory (along with all files and sub-directories inside) is web server directory. In other words, it’s the root directory of files served to site’s visitors.
Obviously, if user needs to access some file (like installation or upgrade package of author’s script), it must exist in web server directory. While PHP self-update script never exposes real file names and URLs to users (it utilizes internal downloader), that doesn’t mean we couldn’t add more protection. For example, if some hacker stole author’s database, he might see real names and URLs of each file. Hence, he can download file by typing http://authordomain.com/secret_directory/obfuscated-file-name.zip into his browser.
Sure, downloaded file will be worthless if developer uses Auto PHP Licenser to protect his software. But what if he doesn’t? Well, some actor behind this hacking activity just got an illegal copy without paying for it. So, is there a way to defend against it?
No more unauthorized attempts to downloads your scripts.
PHP self-update script 1.4 makes such hacking impossible by storing files outside web server directory. That is to say, author can make an inaccessible directory at /home/secret_directory (notice that /secret_directory is not inside /public_html anymore) and PHP Auto Update Script will securely store files here from now on. Hence, even if someone knows the real URL and file name, he can’t access this file anymore. As file remains outside web server directory now, any attempt to download it directly will return 404 error.
And that’s not all. For security reasons, even admin can’t access files this way. In order to download his own files, admin needs to login to administration dashboard first and use secure downloader (only available to authorized users). Don’t worry, the process is easy for authorized users; a secure download link appears next to each file in administration dashboard, and PHP auto update system takes care of the rest.
Auto update PHP scripts quickly!
Here’s the cherry on the cake; new feature doesn’t require a single change in existing scripts. All author has to do is to configure his PHP Auto Update Script installation to store files outside web server directory. And this is it! It takes less than 2 minutes and full instructions are available in the documentation. Got stuck or need more details? phpmillion support forums are your one-stop solution for all your support and technical assistance needs.