https://89393b0c.nuvai-blog.pages.dev/tags/edd/ Recent content in EDD on Luis Sousa Blog Hugo en Sat, 07 Mar 2026 12:10:00 +0000 https://89393b0c.nuvai-blog.pages.dev/posts/protecting-edd-downloads-from-url-guessing/ Sat, 07 Mar 2026 12:10:00 +0000 https://89393b0c.nuvai-blog.pages.dev/posts/protecting-edd-downloads-from-url-guessing/ <p>We sell digital products on <a href="https://joyofexploringtheworld.com/" class="external-link" target="_blank" rel="noopener">joyofexploringtheworld.com</a> using Easy Digital Downloads. By default, EDD stores files in <code>wp-content/uploads/</code>—the same directory as every other WordPress upload. That means anyone who can guess the filename can download the file directly, bypassing purchase validation entirely.</p> <h2 id="the-problem"> The problem <a class="heading-link" href="#the-problem"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>EDD download URLs contain a token that validates the purchase. But the actual file sits in a publicly accessible directory. If someone guesses or discovers the file path (e.g. from a cached CDN URL or a predictable naming pattern), they can download it without paying.</p> https://89393b0c.nuvai-blog.pages.dev/posts/when-image-crop-error-isnt-about-the-image/ Sat, 07 Mar 2026 12:04:00 +0000 https://89393b0c.nuvai-blog.pages.dev/posts/when-image-crop-error-isnt-about-the-image/ <p>We run a travel blog on a budget stack (<a href="https://joyofexploringtheworld.com/" class="external-link" target="_blank" rel="noopener">joyofexploringtheworld.com</a>) with Docker, Cloudflare, and imgproxy for images. When we hit “There has been an error cropping your image” in the WordPress media editor, the message pointed at the image—but the real cause was elsewhere.</p> <h2 id="the-misleading-error"> The misleading error <a class="heading-link" href="#the-misleading-error"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>The error suggests missing image libraries (GD or Imagick). We confirmed both were installed and working. The actual problem: the crop request to <code>admin-ajax.php</code> was returning <strong>403 Forbidden</strong>. That can come from a security plugin, WAF, or nonce validation—not from the image itself.</p> https://89393b0c.nuvai-blog.pages.dev/posts/fixing-edd-checkout-header-footer-overlap/ Sat, 07 Mar 2026 12:00:00 +0000 https://89393b0c.nuvai-blog.pages.dev/posts/fixing-edd-checkout-header-footer-overlap/ <p>We sell downloadable travel itineraries on <a href="https://joyofexploringtheworld.com/" class="external-link" target="_blank" rel="noopener">joyofexploringtheworld.com</a> using Easy Digital Downloads (EDD). With a sticky header and a block theme (Bricksy Pro), the checkout and receipt pages had content sitting under the header and footer. Here&rsquo;s how we fixed it.</p> <h2 id="the-problem"> The problem <a class="heading-link" href="#the-problem"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>With a sticky or fixed header, the main content area starts at the top of the viewport. The header overlays it, so the first lines of the checkout form are hidden. Similarly, a fixed footer can cover the bottom of the page. FSE block themes don&rsquo;t always add padding for fixed elements on custom post types like EDD checkout.</p>