Overview
The Amazon S3 add-on enables you to store and serve package files directly from Amazon S3 buckets. Offload storage from your server, leverage CloudFront CDN for faster downloads, and scale without server limitations.
Prerequisites
- WordPress Download Manager installed
- Amazon S3 add-on installed and activated
- AWS account with S3 access
- IAM user credentials
Benefits
| Feature | Benefit |
|---|---|
| Scalable Storage | Unlimited file storage |
| Global Delivery | CloudFront CDN integration |
| Server Offload | Reduce server storage/bandwidth |
| Reliability | 99.999999999% durability |
| Cost Effective | Pay only for what you use |
AWS Setup
Step 1: Create AWS Account
- Go to aws.amazon.com
- Click Create an AWS Account
- Complete registration
- Add payment method
Step 2: Create S3 Bucket
- Go to S3 in AWS Console
- Click Create bucket
- Configure:
Bucket name: your-downloads-bucket Region: us-east-1 (or closest to your users) Object Ownership: ACLs disabled Block Public Access: Keep enabled (recommended) Versioning: Optional
- Click Create bucket
Step 3: Create IAM User
- Go to IAM in AWS Console
- Click Users > Add users
- Configure:
User name: wpdm-s3-user Access type: ☑ Programmatic access
- Click Next: Permissions
Step 4: Set IAM Policy
Attach policy for S3 access:
Option A: Use existing policy
AmazonS3FullAccess(broad access)
Option B: Create custom policy (recommended)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::your-downloads-bucket",
"arn:aws:s3:::your-downloads-bucket/*"
]
}
]
}
Step 5: Get Access Keys
After creating user:
- Download or copy Access Key ID
- Download or copy Secret Access Key
Important: Save these securely. Secret key is only shown once.
Plugin Configuration
Step 1: Access Settings
- Go to Downloads > Settings
- Click Amazon S3 tab
Step 2: Enter Credentials
┌─────────────────────────────────────────────────────────────┐ │ Amazon S3 Configuration │ ├─────────────────────────────────────────────────────────────┤ │ │ │ Access Key ID: │ │ [AKIAIOSFODNN7EXAMPLE ] │ │ │ │ Secret Access Key: │ │ [wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ] │ │ │ │ Default Region: │ │ [us-east-1 ▼] │ │ │ │ Default Bucket: │ │ [your-downloads-bucket ] │ │ │ │ [Test Connection] │ │ │ └─────────────────────────────────────────────────────────────┘
Step 3: Test Connection
Click Test Connection to verify:
✓ Connection successful ✓ Bucket accessible ✓ Read/write permissions confirmed
Using S3 Files
Adding S3 Files to Package
- Edit a package
- In Attached Files section, click Browse S3
- Navigate to your files
- Select file(s)
- Click Attach Selected
┌─────────────────────────────────────────────────────────────┐ │ S3 File Browser [your-bucket] │ ├─────────────────────────────────────────────────────────────┤ │ 📁 / │ │ ├── 📁 software/ │ │ │ ├── 📄 app-v2.0.zip (45 MB) [Select] │ │ │ └── 📄 app-v1.9.zip (42 MB) [Select] │ │ ├── 📁 documents/ │ │ │ └── 📄 manual.pdf (5 MB) [Select] │ │ └── 📄 readme.txt (2 KB) [Select] │ │ │ │ [Attach Selected Files] │ └─────────────────────────────────────────────────────────────┘
Uploading to S3
Upload files directly to S3 from WordPress:
- In S3 File Browser, click Upload
- Select file(s) from your computer
- Choose destination folder
- Click Upload
Upload Progress: software-v2.1.zip ████████████████████ 100% manual-v2.pdf ████████████░░░░░░░░ 60%
S3 File URL Format
Files are referenced by S3 URL:
s3://your-bucket/path/to/file.zip
Or HTTPS URL:
https://your-bucket.s3.amazonaws.com/path/to/file.zip
Download Delivery
Signed URLs (Recommended)
Generate temporary, secure download links:
☑ Use signed URLs for downloads Expiry: [300] seconds (5 minutes)
Signed URL example:
https://bucket.s3.amazonaws.com/file.zip? X-Amz-Algorithm=AWS4-HMAC-SHA256& X-Amz-Credential=...& X-Amz-Date=...& X-Amz-Expires=300& X-Amz-SignedHeaders=host& X-Amz-Signature=...
Benefits:
- Time-limited access
- Prevents hotlinking
- Maintains access control
Direct URLs
For public files:
☐ Use signed URLs (direct access)
Requires bucket/object to be public.
Proxy Downloads
Route through WordPress:
☑ Proxy downloads through WordPress
Benefits:
- Access control enforced
- Download tracking accurate
- Works with all locks
Drawbacks:
- Uses server bandwidth
- Slower for large files
CloudFront Integration
Setting Up CloudFront
- Go to CloudFront in AWS Console
- Click Create Distribution
- Configure:
Origin domain: your-bucket.s3.amazonaws.com Origin path: (leave empty or specify folder) Name: your-bucket-origin Origin access: Origin access control settings (recommended)
- Create OAC (Origin Access Control)
- Update S3 bucket policy
CloudFront Settings in WPDM
┌─────────────────────────────────────────────────────────────┐ │ CloudFront Configuration │ ├─────────────────────────────────────────────────────────────┤ │ ☑ Enable CloudFront │ │ │ │ Distribution Domain: │ │ [d1234567890.cloudfront.net ] │ │ │ │ Key Pair ID: │ │ [APKAEIBAERJR2EXAMPLE ] │ │ │ │ Private Key: │ │ [Upload .pem file] or [Paste key content] │ │ │ └─────────────────────────────────────────────────────────────┘
CloudFront Signed URLs
For private content:
- Create CloudFront key pair (root account only)
- Download private key (.pem file)
- Add Key Pair ID and private key to WPDM
- Enable signed URLs
Bucket Policies
Private Bucket (Recommended)
Keep bucket private, use signed URLs:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowWPDMAccess",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789:user/wpdm-s3-user"
},
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::your-bucket/*"
}
]
}
CloudFront OAC Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowCloudFrontServicePrincipal",
"Effect": "Allow",
"Principal": {
"Service": "cloudfront.amazonaws.com"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::your-bucket/*",
"Condition": {
"StringEquals": {
"AWS:SourceArn": "arn:aws:cloudfront::123456789:distribution/EDFDVBD6EXAMPLE"
}
}
}
]
}
Storage Management
S3 File Manager
Access full S3 manager:
- Go to Downloads > Amazon S3
- Browse, upload, delete files
- Create folders
- Manage permissions
Folder Organization
Recommended structure:
your-bucket/
├── downloads/
│ ├── software/
│ │ ├── v2.0/
│ │ └── v1.9/
│ ├── documents/
│ └── templates/
├── previews/
│ └── thumbnails/
└── private/
└── license-files/
Sync with Server
Optionally sync local files to S3:
☑ Auto-sync uploaded files to S3 ☐ Delete local copy after sync
Costs
S3 Pricing (approximate)
| Component | Cost |
|---|---|
| Storage | $0.023/GB/month |
| GET requests | $0.0004/1000 requests |
| PUT requests | $0.005/1000 requests |
| Data transfer out | $0.09/GB (first 10TB) |
CloudFront Pricing
| Region | Cost per GB |
|---|---|
| North America/Europe | $0.085 |
| Asia Pacific | $0.14 |
| South America | $0.11 |
Cost Optimization
- Use S3 Intelligent-Tiering for infrequent access
- Enable CloudFront caching
- Set lifecycle rules for old files
- Monitor with AWS Cost Explorer
Troubleshooting
“Access Denied”
Causes:
- Wrong credentials
- IAM policy too restrictive
- Bucket policy blocking
Solutions:
- Verify access key/secret
- Check IAM user permissions
- Review bucket policy
- Test with AWS CLI
“Bucket Not Found”
Causes:
- Wrong bucket name
- Wrong region
- Bucket doesn’t exist
Solutions:
- Verify exact bucket name
- Check region setting
- Create bucket if needed
Slow Downloads
Causes:
- No CDN
- Wrong region
- Large file
Solutions:
- Enable CloudFront
- Choose closer region
- Consider chunked downloads
Files Not Showing
Causes:
- Wrong path
- Permission issue
- Cache
Solutions:
- Check folder path
- Verify list permissions
- Refresh file browser
Security Best Practices
- Never expose credentials – Use IAM roles when possible
- Least privilege – Only grant necessary permissions
- Use signed URLs – Don’t make bucket public
- Enable versioning – Protect against accidental deletion
- Enable logging – Track access for auditing
- Rotate keys – Regularly rotate access keys
Related Documentation
Last updated: January 2026
Applies to: WordPress Download Manager 7.x + Amazon S3 Add-on