wp-content/uploads/woocommerce_uploads
I also noticed that the download is NOT going to this woocommerce folder, where their is an .htaccess file.
The file path and file are both accessible in the uploads directory so anyone can just directly download your digital file you are selling? There is no protection at all for your file. Can someone tell me how to correct this?
(The files in the above example have been removed but I the problem is still the same.)
Is there a reason no one is answering my question, i’m sure it’s been asked before I just want to make sure the download i’m selling isn’t easily nabbed from the file path as it seems it is wide open for download. Are you supposed to use a .htaccess in that directory? Are the downloads supposed to be going into the main uploads or are they supposed to go into the woocommerce_uploads or are you supposed to sftp them manually instead of using the browse button on the product?
Neverwoo, and thanks for the woohelp. I think I have woo’d it, which is woo-smurf-tastic.
Downloadable products should be put in the
wp-content/uploads/woocommerce_uploads
folder which has an .htaccess in it that has deny all set.
For some reason, the plugin, when uploading from within wordpress, puts the download file in the uploads folder and not the one mentioned above.
I deleted the one file I uploaded from within wordpress and manually uploaded the file to the other folder and reset the link in the product. Everything seems to be working.
Does this sound right woo techs?
are you supposed to sftp them manually instead of using the browse button on the product?
I’ve done this and the downloads are now protected. The absolute link doesn’t work if you try to download the file directly: “You don’t have permission to access…”.
Now I have to try if the file is still available for the customer who has purchased the file… I hope so!
Good luck, Ocala.
All the links seem to work properly from the ‘my account’ as well as the email when I uploaded the file manually to the woocommerce_uploads folder and then manually edited the link to match that location. It doesn’t appear that the file can be grabbed from the direct link as it has a .htaccess in that folder. I just don’t understand why the upload button in the product area didn’t upload to that folder in the first place …
Same to woo itookmyprozac! lol
yep, I knew how to do a right usage of the woocommerce_upload folder thanks to this post (it’s probably the only post which talks about this issue).
The upload button should be add the ability to put and grab files from this folder, else doing this manually can provoke some mistakes.
Anyway, thanks Ocala and Itmp for this post.
This seems to be solved in the current version. The “Choose a file” button puts uploads straight into the woocommerce_upload folder and is properly protected.
This whole thing doesn’t work for me.
I can neither upload files via the plugin to woocommerce_upload nor via ftp because there is this htaccess file in it, which I can not delete. Damn!!!
Any help highly appreciated,
Roman
ah, solved. My provider resetted the folder rights recursive