Ready to get started?Download WordPress


Easy Digital Downloads
[resolved] How to prevent direct downloads? (13 posts)

  1. Ayek
    Posted 2 years ago #


    For example: Every month I put a podcast file, which is named logically by months:
    and so on
    So, it's easy to decode, that in July you can get my mp3 without logging, just entering http://mydomain.com/wp-content/uploads/edd/podcast_2012-07.mp3 in a browser address bar!

    I've tried some .htaccess tricks, but all of them break EDD PHP downloads.

    Any ideas how to allow EDD and prevent direct links?


  2. Pippin Williamson
    Pippin's Plugins and Plugin Reviewer
    Plugin Author

    Posted 2 years ago #

    It's something we're working on. Currently all files are accessed via direct URLs, but we're going to be moving to retrieving the downloads via absolute server paths, which will make them much harder to locate.

  3. Ayek
    Posted 2 years ago #

    I see.
    Good luck!

  4. Mikkel Breum
    Posted 1 year ago #

    Hi Pippin, I need this as well. For now I'll code something myself based on this:


    Maybe you can use the same tecnique.

    Place files outside webroot
    use php script to serve files via readfile() and control access dynamically.

  5. Placing files outside of the webroot and then specifying the absolute file path is already possible in EDD.

    EDD will detect that you have entered a file path and will serve the file appropriately.

  6. Mikkel Breum
    Posted 1 year ago #

    OK, that sounds good.

  7. unity100
    Posted 1 year ago #

    EDD doesnt detect if i give an absolute path to a file outside webroot for a download and serve it. instead it just redirects it to the page where download process was started by adding the file to a basket.

  8. It redirects when you try to download?

  9. unity100
    Posted 1 year ago #

    Scratch that - it was because of directoryindexes - index.html was being served by apache before index.php, and therefore when your plugin did a request to domain.com/?download...... the request was naturally sent to domain.com/index.html?download.....

    and since there was a html redirection set up in that index.html page, it was redirecting to another page.

    This was a server specific issue. but other users may get affected by the same thing since hosts may leave the default file for directoryindex as index.html

    maybe you should process download clicks not from domain.com/?download.... but instead submit the request to a custom page you create through the plugin - like the download pages etc it creates.

    anyway good evening. im out.

  10. That makes sense and thanks for the feedback.

  11. siyamak45
    Posted 1 year ago #

    This topic marked as resolved, but how? is this possible retrieve the downloads via absolute server paths?
    I placed my files in one of my servers and access theme through DNS Record form my domain. Now how can I use them? for example when I add something like "http://dl.domain.com/file.zip" as file url to my product, after purchase, the links aren't protected.

  12. Yes you can use absolute file paths, just make sure you place them outside of the web root.

    Using absolute file paths to files outside of the webroot is the only way to have absolute file protection.

  13. m107
    Posted 1 year ago #

    @Pippin can you show me an example of how to protect files? you mean storing file outside the public-html?

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic