Support » Plugin: WooCommerce » woocommerce, Digital download is secure?

  • Hi,

    I am thinking to use woo commerce for selling music files mp3 and zip, but I was wondering if it is secure to upload all my digital files on my server.
    There is any secure way to do that, I mean to upload the files into a folder with restricted permission or without permission for example?
    Any idea.


Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Mike Jolley


    If you’re not using the redirect method of downloading, and you upload your files through WC, they should be placed into a protected directory. Try accessing them directly and you should get error 403



    Hi there, I’ve searched around and haven’t been able to find a direct answer/solution for my similar/particular problem.

    I am using filezilla/FTP, and using Add From Server plugin to create images in my library (easier sorting on my end). That being said, I write out my files like the following so that it’s easier for the user/buyer to read/understand, but if I do this the file path is not secure/concealed and one could simply append another title and download that image (uploading images into a folder within uploads):

    a.) Dubai City | Dubai, United Emirates_Color.JPG

    If I upload to Worpress Media Library, it will convert my files to the following:

    b.) dubai-city-dubai-united-emirates_color.jpg

    which seems to (I assume) allow my file path to be concealed (which is great). Unfortunately, I do not want to upload to WordPress Media Library since it will rewrite my file names. My downlaodbable products file sizes range anywhere from 5MB – 60MB. Is there way to achieve this?

    I have tried both Force Download and X-Accel-Redirect/X-Sendfile, but both options, when uploading through ftp, do not conceal the file path. I would greatly appreciate your help with this.


    • This reply was modified 3 years ago by Tflores57.

    This is what I did.

    I skipped the Media Library all together and created a DOWNLOADS folder on my server like this: http://www.[yourdomain].com/downloads. I then uploaded all my files in there.

    My webhost allows me to create htaccess files. These are simple text files called .htaccess (no extention at all; remember the DOT infront) You edit them with a standard text editor. Edit them and then add the following.

    deny from all

    Now save and upload the file into your DOWNLOADS folder.

    If you try to access this DOWNLOADS folder with your browser, then you will get a 403 FORBIDDEN error which is exactly what you want.

    Now add the download via WooCommerce, but the link to the download should be http://www.[yourdomain].com/downloads/%5BDownloadName.ext%5D

    WooCommerce will still serve the file and your client will be able to download it, but only via your website after payment!

    Have fun!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘woocommerce, Digital download is secure?’ is closed to new replies.