WooCommerce downloads no longer working

  • Resolved robpl1

    (@robpl1)


    9 months ago

    Until a few days ago all downloads were working fine. Now, however, all downloads are met with “File not found go to shop”. The files are there. So, I deactivated all the plugins, and all code snippets and the functions.php. Same message. Checked the WooCommerce logs – nothing relevant there. I’m at a loss here especially since this behaviour isn’t mirrored in my staging site. Downloads are OK there. I’ve checked the access rights on the containing folder and they’re fine and no new stuff has been migrated to the production server. The products are all listed as simple, virtual, download. Any suggestions?

    The page I need help with: [log in to see the link]

Viewing 11 replies - 1 through 11 (of 11 total)
  • Sai (woo-hc)

    (@saivutukuru)

    9 months ago

    Hi @robpl1,

    I understand how frustrating it is when downloads suddenly stop working, especially since they’re fine on your staging site. A few things to check:

    1. Any recent changes on your server or hosting environment (PHP version, SSL, caching, security rules, file paths)?
    2. Do the download URLs work if opened directly in a browser?
    3. Are you using any CDN, caching, or download-protection plugin that might interfere?
    4. Can you confirm the download paths match the live server’s actual file locations?

    Once we have this info, sharing your WooCommerce System Status report (You can get a System Status Report by going to WooCommerce > Status > Get system report, then paste it into <u>https://pastebin.com</u&gt; or <u>https://gist.github.com</u&gt;) could help pinpoint the issue. 

    Also, does this affect all downloads or only specific products?

    Looking forward to your update!

    Thread Starter robpl1

    (@robpl1)

    9 months ago

    OK, I moved to PHP 8.4 about 2 months ago. The staging site is on the same server – a subsite of the domain. It was cloned from the production site around 10 days ago. I’m very strict on changes being made to Production without being tested, apart from WordPress security updates. Comes from becoming a Registered Prince 2 Practitioner after years in dev and sysadmin. This affects all downloads even ones that were successful last week. The files are in the download path as shown in the product admin page. In the Order admin page you can find and relink the correct product. The download will then fail saying it can’t be found, even if you take pres the ‘Copy Link’ button from the product listing in the Order Menu, paste that into any browser (Edge, Chrome and Opera were tested) and the file not found messae appears.. I found that somehow a staging folder had been entered as an approved download directory. I’ve made sure the directories are correctly listed but still get the problem. Status report follows:-

    WordPress Environment<br><br>WordPress address (URL): https://themusicrealm.com<br>Site address (URL): https://themusicrealm.com<br>WC Version: 10.1.2<br>Legacy REST API Package Version: The Legacy REST API plugin is not installed on this site.<br>Action Scheduler Version: ✔ 3.9.3<br>Log Directory Writable: ✔<br>WP Version: 6.8.2<br>WP Multisite: –<br>WP Memory Limit: 5 GB<br>WP Debug Mode: –<br>WP Cron: ✔<br>Language: en_GB<br>External object cache: – Server Environment<br><br>Server Info: Apache<br>Server Architecture: Linux 6.8.0-78-generic x86_64<br>PHP Version: 8.4.12<br>PHP Post Max Size: 512 MB<br>PHP Time Limit: 300<br>PHP Max Input Vars: 10000<br>cURL Version: 8.5.0<br>OpenSSL/3.0.13<br><br>SUHOSIN Installed: –<br>MySQL Version: 10.11.13-MariaDB-0ubuntu0.24.04.1<br>Max Upload Size: 512 MB<br>Default Timezone is UTC: ✔<br>fsockopen/cURL: ✔<br>SoapClient: ✔<br>DOMDocument: ✔<br>GZip: ✔<br>Multibyte String: ✔<br>Remote Post: ✔<br>Remote Get: ✔ Database<br><br>WC Database Version: 10.1.2<br>WC Database Prefix: G7dEx5_<br>Total Database Size: 444.56MB<br>Database Data Size: 231.87MB<br>Database Index Size: 212.69MB<br>G7dEx5_woocommerce_sessions: Data: 6.02MB + Index: 1.02MB + Engine InnoDB<br>G7dEx5_woocommerce_api_keys: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_woocommerce_attribute_taxonomies: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_woocommerce_downloadable_product_permissions: Data: 0.02MB + Index: 0.06MB + Engine InnoDB<br>G7dEx5_woocommerce_order_items: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_woocommerce_order_itemmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_woocommerce_tax_rates: Data: 0.02MB + Index: 0.06MB + Engine InnoDB<br>G7dEx5_woocommerce_tax_rate_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_woocommerce_shipping_zones: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_woocommerce_shipping_zone_locations: Data: 0.02MB + Index: 0.05MB + Engine InnoDB<br>G7dEx5_woocommerce_shipping_zone_methods: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_woocommerce_payment_tokens: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_woocommerce_payment_tokenmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_woocommerce_log: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_acfw_store_credits: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_actionscheduler_actions: Data: 42.55MB + Index: 98.48MB + Engine InnoDB<br>G7dEx5_actionscheduler_claims: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_actionscheduler_groups: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_actionscheduler_logs: Data: 23.41MB + Index: 21.25MB + Engine InnoDB<br>G7dEx5_ajaxsearchpro: Data: 0.11MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_ajaxsearchpro_priorities: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_ajaxsearchpro_statistics: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_asp_index: Data: 0.17MB + Index: 0.23MB + Engine InnoDB<br>G7dEx5_asp_synonyms: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_benrueeg_users: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_cky_banners: Data: 0.05MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_cky_cookies: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_cky_cookie_categories: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_commentmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_comments: Data: 0.02MB + Index: 0.09MB + Engine InnoDB<br>G7dEx5_cuw_campaigns: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_cuw_offers: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_cuw_stats: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_db7_forms: Data: 0.31MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_dgwt_wcas_index: Data: 1.52MB + Index: 0.56MB + Engine InnoDB<br>G7dEx5_dgwt_wcas_invindex_cache: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_dgwt_wcas_invindex_doclist: Data: 4.52MB + Index: 5.03MB + Engine InnoDB<br>G7dEx5_dgwt_wcas_invindex_wordlist: Data: 1.52MB + Index: 2.72MB + Engine InnoDB<br>G7dEx5_dgwt_wcas_stats: Data: 0.14MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_duplicator_activity_logs: Data: 0.50MB + Index: 0.20MB + Engine InnoDB<br>G7dEx5_duplicator_backups: Data: 3.02MB + Index: 0.14MB + Engine InnoDB<br>G7dEx5_duplicator_entities: Data: 0.05MB + Index: 0.14MB + Engine InnoDB<br>G7dEx5_find_and_replace: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_gdpr_cc_options: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_groups_capability: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_groups_group: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_groups_group_capability: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_groups_user_capability: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_groups_user_group: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_jetpack_sync_queue: Data: 0.02MB + Index: 0.06MB + Engine InnoDB<br>G7dEx5_jetpack_waf_blocklog: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_links: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_mwai_filemeta: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_mwai_files: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_options: Data: 11.44MB + Index: 1.28MB + Engine InnoDB<br>G7dEx5_pmxe_exports: Data: 1.52MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_pmxe_google_cats: Data: 0.38MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_pmxe_posts: Data: 1.52MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_pmxe_templates: Data: 0.13MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_pmxi_files: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_pmxi_geocoding: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_pmxi_hash: Data: 0.06MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_pmxi_history: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_pmxi_images: Data: 0.31MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_pmxi_imports: Data: 1.50MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_pmxi_posts: Data: 1.52MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_pmxi_templates: Data: 0.05MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_postmeta: Data: 85.66MB + Index: 70.20MB + Engine InnoDB<br>G7dEx5_posts: Data: 35.50MB + Index: 3.69MB + Engine InnoDB<br>G7dEx5_pp_activity_logs: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_rank_math_404_logs: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_rank_math_analytics_gsc: Data: 0.02MB + Index: 0.06MB + Engine InnoDB<br>G7dEx5_rank_math_analytics_inspections: Data: 0.02MB + Index: 0.09MB + Engine InnoDB<br>G7dEx5_rank_math_analytics_objects: Data: 1.52MB + Index: 0.28MB + Engine InnoDB<br>G7dEx5_rank_math_internal_links: Data: 0.06MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_rank_math_internal_meta: Data: 0.14MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_rcb_asset_seo_redirect: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_rcb_blocker_thumbnails: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_rcb_consent: Data: 0.02MB + Index: 0.05MB + Engine InnoDB<br>G7dEx5_rcb_revision: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_rcb_revision_independent: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_rcb_scan: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_rcb_scan_markup: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_rcb_stats: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_rcb_stats_buttons_clicked: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_rcb_stats_custom_bypass: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_rcb_template: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_rcb_template_translation: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_real_queue: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_search_filter_fieldmeta: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_search_filter_fields: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_search_filter_options: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_search_filter_queries: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_search_filter_querymeta: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_search_filter_stylemeta: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_search_filter_styles: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_termmeta: Data: 1.52MB + Index: 1.75MB + Engine InnoDB<br>G7dEx5_terms: Data: 0.28MB + Index: 0.25MB + Engine InnoDB<br>G7dEx5_term_relationships: Data: 1.36MB + Index: 1.42MB + Engine InnoDB<br>G7dEx5_term_taxonomy: Data: 0.08MB + Index: 0.06MB + Engine InnoDB<br>G7dEx5_test_email_logs: Data: 0.06MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_ulike: Data: 0.03MB + Index: 0.06MB + Engine InnoDB<br>G7dEx5_ulike_activities: Data: 0.02MB + Index: 0.08MB + Engine InnoDB<br>G7dEx5_ulike_comments: Data: 0.03MB + Index: 0.06MB + Engine InnoDB<br>G7dEx5_ulike_forums: Data: 0.03MB + Index: 0.06MB + Engine InnoDB<br>G7dEx5_ulike_meta: Data: 0.20MB + Index: 0.27MB + Engine InnoDB<br>G7dEx5_usermeta: Data: 0.30MB + Index: 0.06MB + Engine InnoDB<br>G7dEx5_users: Data: 0.02MB + Index: 0.05MB + Engine InnoDB<br>G7dEx5_wc_admin_notes: Data: 0.05MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_wc_admin_note_actions: Data: 0.05MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_wc_category_lookup: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_wc_customer_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_wc_download_log: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_wc_orders: Data: 0.02MB + Index: 0.13MB + Engine InnoDB<br>G7dEx5_wc_orders_meta: Data: 0.06MB + Index: 0.11MB + Engine InnoDB<br>G7dEx5_wc_order_addresses: Data: 0.02MB + Index: 0.08MB + Engine InnoDB<br>G7dEx5_wc_order_coupon_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_wc_order_operational_data: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_wc_order_product_lookup: Data: 0.02MB + Index: 0.08MB + Engine InnoDB<br>G7dEx5_wc_order_stats: Data: 0.02MB + Index: 0.05MB + Engine InnoDB<br>G7dEx5_wc_order_tax_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_wc_product_attributes_lookup: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_wc_product_download_directories: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_wc_product_meta_lookup: Data: 0.36MB + Index: 0.67MB + Engine InnoDB<br>G7dEx5_wc_rate_limits: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_wc_reserved_stock: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_wc_tax_rate_classes: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_wc_webhooks: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_wfpklist_template_data: Data: 0.09MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_wpc_accesslocks: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_wpc_login_fails: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_wpforms_entries: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_wpforms_entry_fields: Data: 0.02MB + Index: 0.05MB + Engine InnoDB<br>G7dEx5_wpforms_entry_meta: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_wpforms_file_restrictions: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_wpforms_logs: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_wpforms_payments: Data: 0.02MB + Index: 0.14MB + Engine InnoDB<br>G7dEx5_wpforms_payment_meta: Data: 0.02MB + Index: 0.05MB + Engine InnoDB<br>G7dEx5_wpforms_protected_files: Data: 0.02MB + Index: 0.06MB + Engine InnoDB<br>G7dEx5_wpforms_tasks_meta: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_wpf_filters: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_wpf_meta_keys: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_wpf_meta_values: Data: 0.02MB + Index: 0.03MB + Engine InnoDB<br>G7dEx5_wpf_meta_values_bk: Data: 0.02MB + Index: 0.02MB + Engine InnoDB<br>G7dEx5_wpmailsmtp_debug_events: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_wpmailsmtp_tasks_meta: Data: 0.02MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_wpmelon_advbedit_temp: Data: 0.11MB + Index: 0.00MB + Engine InnoDB<br>G7dEx5_wpml_mails: Data: 0.02MB + Index: 0.03MB + Engine InnoDB Post Type Counts<br><br>acf-field: 54<br>acf-field-group: 3<br>acf_cards: 2<br>acf_views: 18<br>attachment: 8930<br>br_product_filter: 1<br>composers: 204<br>custom_css: 3<br>forum: 1<br>jp_img_sitemap: 19<br>jp_img_sitemap_index: 3<br>jp_pay_product: 14<br>jp_sitemap: 9<br>jp_sitemap_index: 3<br>jp_sitemap_master: 3<br>jp_vid_sitemap: 3<br>oembed_cache: 14<br>page: 17<br>popup: 2<br>popup_theme: 8<br>post: 52<br>product: 2576<br>rcb-banner-link: 1<br>rcb-cookie: 1<br>reviews: 54<br>revision: 2911<br>rm_content_editor: 1<br>shop_coupon: 2<br>shop_order_placehold: 14<br>sp_post_carousel: 3<br>sp_wp_tabs: 1<br>viwcpf_filter_block: 4<br>viwcpf_filter_menu: 1<br>viwec_template: 14<br>wcapf-filter: 1<br>wcapf-form: 1<br>wcpf_item: 4<br>wcpf_project: 1<br>wpas_cross_rating: 2<br>wpas_review: 2<br>wpcode: 30<br>wpforms: 7<br>wp_block: 2<br>wp_font_face: 33<br>wp_font_family: 12<br>wp_global_styles: 1<br>wp_navigation: 6<br>wp_template: 21<br>wp_template_part: 6<br>yith_wcan_preset: 1<br>ymc_filters: 4 Security<br><br>Secure connection (HTTPS): ✔<br>Hide errors from visitors: ✔ Active Plugins (46)<br><br>3D FlipBook : DearFlip Lite: by DearHive – 2.3.75<br>Advanced Views Lite: by WPLake – 3.7.19<br>Advanced Custom Fields: by WP Engine – 6.5.0<br>FiboSearch - AJAX Search for WooCommerce (Pro): by FiboSearch Team – 1.31.0<br>Block Visibility: by Nick Diego – 3.7.1<br>Duplicator Pro: by Duplicator – 4.5.22.5<br>Enable Media Replace: by ShortPixel – 4.1.6<br>Facebook for WooCommerce: by Facebook – 3.5.7<br>GDPR Cookie Compliance: by Moove Agency – 5.0.6<br>HEIC Support: by Breakfast – 2.1.3<br>WPCode Lite: by WPCode – 2.3.0<br>Jetpack: by Automattic – 15.0<br>Pinterest for WooCommerce: by WooCommerce – 1.4.21<br>Redis Object Cache: by Till Krüss – 2.6.5<br>Restrict Usernames Emails Characters: by benaceur – 4.1.1<br>Rank Math SEO: by Rank Math SEO – 1.0.252.1<br>Smart Post Show Pro: by ShapedPlugin<br>LLC – 3.0.1<br><br>SVG Support: by – 2.5.14<br>10Web Booster: by 10Web - Website speed optimization team – 2.32.7<br>Term Management Tools: by theMikeD<br>scribu – 2.0.1<br><br>TikTok: by TikTok – 1.3.5<br>TMR Create Custom Post Types: by RPL – 1.0<br>TMR Create Custom Taxonomies: by RPL – 1.0<br>TMR Minimum Purchase Quantity: by Your Name – 1.0<br>TMR Open AI Interface: by RPL – 1.0<br>TMR Compare Product Reviews: by RPL – 1.0<br>Ultimate Blocks: by Ultimate Blocks – 3.4.1<br>WaterWoo PDF Premium: by Sagehen Studio – 3.11.8<br>WooCommerce.com Update Manager: by Automattic – 1.0.3<br>WooCommerce Advanced Bulk Edit: by WPMelon – 5.5.4.2<br>WooPayments: by WooCommerce – 9.9.0<br>WooCommerce: by Automattic – 10.1.2<br>WordPress Importer: by wordpressdotorg – 0.9.0<br>WP All Export Pro: by Soflyy – 1.9.11<br>WP All Import Pro: by Soflyy – 4.11.5<br>WP Mail Logging: by WP Mail Logging Team – 1.14.0<br>WP Mail SMTP: by WP Mail SMTP – 4.6.0<br>WP Meta and Date remover: by Prasad Kirpekar – 2.3.6<br>WP ULike: by TechnoWich – 4.7.11<br>WP All Export - ACF Export Add-On Pro: by Soflyy – 1.0.6<br>WP All Export - WooCommerce Export Add-On Pro: by Soflyy – 1.0.10<br>WP All Import - ACF Add-On: by Soflyy – 3.3.9<br>WP All Import - User Import Add-On Pro: by Soflyy – 1.1.9<br>WP All Import - WooCommerce Import Add-On Pro: by Soflyy – 4.0.5<br>WPForms Brevo: by WPForms – 1.5.0<br>WPForms: by WPForms – 1.9.7.3 Inactive Plugins (9)<br><br>Klaviyo: by Klaviyo<br>Inc. – 3.7.0<br><br>Microsoft Clarity: by Microsoft – 0.10.7<br>Password Protected: by Password Protected – 2.7.10<br>Post Type Switcher: by Triple J Software<br>Inc. – 4.0.0<br><br>Product Sales Report Pro for WooCommerce: by WP Zone – 2.2.44<br>Regenerate Thumbnails: by Alex Mills (Viper007Bond) – 3.1.6<br>Smart Image Resize PRO: by Nabil Lemsieh – 1.14.0<br>WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: by WebToffee – 4.8.3<br>YellowPencil Pro: by WaspThemes – 7.6.7 Dropin Plugins ()<br><br>advanced-cache.php: advanced-cache.php<br>maintenance.php: maintenance.php Must Use Plugins (1)<br><br>WP Toolkit Worker Plugin: by – 6.5.2-8712 Settings<br><br>Legacy API Enabled: –<br>Force SSL: –<br>Currency: GBP (£)<br>Currency Position: left<br>Thousand Separator: ,<br>Decimal Separator: .<br>Number of Decimals: 2<br>Taxonomies: Product Types: external (external)<br>grouped (grouped)<br>simple (simple)<br>variable (variable)<br><br>Taxonomies: Product Visibility: exclude-from-catalog (exclude-from-catalog)<br>exclude-from-search (exclude-from-search)<br>featured (featured)<br>outofstock (outofstock)<br>rated-1 (rated-1)<br>rated-2 (rated-2)<br>rated-3 (rated-3)<br>rated-4 (rated-4)<br>rated-5 (rated-5)<br><br>Connected to WooCommerce.com: ✔<br>Enforce Approved Product Download Directories: ✔<br>HPOS feature enabled: ✔<br>Order datastore: Automattic\WooCommerce\Internal\DataStores\Orders\OrdersTableDataStore<br>HPOS data sync enabled: –<br>Enabled Features: analytics<br>marketplace<br>order_attribution<br>site_visibility_badge<br>hpos_fts_indexes<br>hpos_datastore_caching<br>remote_logging<br>email_improvements<br>blueprint<br>custom_order_tables Logging<br><br>Enabled: ✔<br>Handler: Automattic\WooCommerce\Internal\Admin\Logging\LogHandlerFileV2<br>Retention period: 30 days<br>Level threshold: –<br>Log directory size: 97 MB WC Pages<br><br>Shop base: #1414971 - /shop/<br>Basket: #7 - /basket/ - Contains the &#091;woocommerce_cart] shortcode<br>Checkout: #8 - /checkout/ - Contains the &#091;woocommerce_checkout] shortcode<br>My account: #9 - /my-account/ - This page's content is overridden by custom template content<br>Terms and conditions: ❌ Page not set Theme<br><br>Name: Twenty Twenty-Four Child<br>Version: 1.0<br>Author URL: https://megapower.co<br>Child Theme: ✔<br>Parent Theme Name: Twenty Twenty-Four<br>Parent Theme Version: 1.3<br>Parent Theme Author URL: https://en-gb.wordpress.org<br>Theme type: Block theme<br>WooCommerce Support: ❌ Not declared Templates<br><br>Overrides: /var/www/vhosts/themusicrealm.com/httpdocs/wp-content/plugins/woocommerce/templates/block-notices/error.php<br>/var/www/vhosts/themusicrealm.com/httpdocs/wp-content/plugins/woocommerce/templates/block-notices/notice.php<br>/var/www/vhosts/themusicrealm.com/httpdocs/wp-content/plugins/woocommerce/templates/block-notices/success.php WooPayments<br><br>Version: 9.9.0<br>Connected to WPCOM: Yes<br>WPCOM Blog ID: 235832028<br>Account ID: acct_1PlUMkCNxAFTBRh9<br>Payment Gateway: Enabled<br>Test Mode: Disabled<br>Enabled APMs: card<br>WooPay: Not eligible<br>Apple Pay / Google Pay: Enabled (cart,checkout)<br>Fraud Protection Level: basic<br>Multi-currency: Enabled<br>Auth and Capture: Disabled<br>Documents: Enabled<br>Logging: Enabled Admin<br><br>Enabled Features: activity-panels<br>analytics<br>product-block-editor<br>coupons<br>core-profiler<br>customize-store<br>customer-effort-score-tracks<br>import-products-task<br>experimental-fashion-sample-products<br>shipping-smart-defaults<br>shipping-setting-tour<br>homescreen<br>marketing<br>mobile-app-banner<br>onboarding<br>onboarding-tasks<br>pattern-toolkit-full-composability<br>product-custom-fields<br>remote-inbox-notifications<br>remote-free-extensions<br>payment-gateway-suggestions<br>printful<br>shipping-label-banner<br>subscriptions<br>store-alerts<br>transient-notices<br>woo-mobile-welcome<br>wc-pay-promotion<br>wc-pay-welcome-page<br>launch-your-store<br>add-to-cart-with-options-stepper-layout<br><br>Disabled Features: product-data-views<br>experimental-blocks<br>experimental-iapi-mini-cart<br>experimental-iapi-runtime<br>coming-soon-newsletter-template<br>minified-js<br>product-pre-publish-modal<br>settings<br>async-product-editor-category-field<br>product-editor-template-system<br>use-wp-horizon<br>experimental-wc-rest-api<br><br>Daily Cron: ✔ Next scheduled: 2025-09-08 14:15:17 +00:00<br>Options: ✔<br>Notes: 51<br>Onboarding: skipped Action Scheduler<br><br>Canceled: 4<br>Oldest: 2025-08-14 10:51:32 +0000<br>Newest: 2025-09-03 04:51:23 +0000<br><br>Complete: 90,448<br>Oldest: 2025-08-08 09:53:42 +0000<br>Newest: 2025-09-08 09:53:19 +0000<br><br>Failed: 1,231<br>Oldest: 2023-08-07 15:03:29 +0000<br>Newest: 2025-09-07 17:21:19 +0000<br><br>Pending: 26<br>Oldest: 2025-09-08 10:39:57 +0000<br>Newest: 2025-09-20 12:55:21 +0000 Status report information<br><br>Generated at: 2025-09-08 09:53:28 +00:00<br>
    Plugin Support Frank Remmy (woo-hc)

    (@frankremmy)

    9 months ago

    Hi @robpl1,

    Thanks for the detailed update. It’s helpful to know that the issue affects all downloads, even those that previously worked, and that your staging site (on the same server) doesn’t mirror the problem.

    The fact that a staging folder had been listed as an approved download directory is a key clue. Even though you’ve corrected the directory listings, it’s possible that some download permissions or file paths are still referencing outdated or invalid locations. Since the download links fail even when copied directly into a browser, this suggests the issue may lie in how WooCommerce is resolving file paths or validating access.

    A few things to try next:

    • Double-check the Approved Download Directories under WooCommerce → Settings → Products → Downloadable Products → Approved Product Download Directories to ensure only valid production paths are listed. Remove any staging or incorrect path.
    • Review the actual file paths on the server and compare them to what’s stored in the database for those products, especially in the woocommerce_downloadable_product_permissions table.
    • If you’re using force downloads, test switching to redirect only or X-Accel-Redirect/X-Sendfile temporarily to see if the behavior changes.
    • Look into any server-level redirects or security modules (like ModSecurity) that might be interfering with file access.
    •  Since you’re on PHP 8.4, check if your hosting has allow_url_fopen enabled. If you’re using “Force Downloads” method, this PHP function is required.
    • Try this for one affected product:
      • Edit a product that’s failing
      • Go to the “Downloadable files” section
      • Remove all downloadable files
      • Update the product
      • Add the files back (ensuring the main file is first in the list)
      • Update again

    Let me know how it goes!

    Thread Starter robpl1

    (@robpl1)

    9 months ago

    I have Nginx disabled as I have observed that on this type of site it causes problems. With it enabled I get large numbers of server 500 errors. I had Force Download set so tried  X-Accel-Redirect to no effect. I tried the Rhad the Redirect Only option but get a 403 error. Now I could understand that as I had the access rights set to oct440 to prevent direct access. I changed back to 0750 which seems to have resolved the issue. However this kicks the can down the road a bit. I’ve been using 0440 for 18 months and last Thursday was the first time it ran into this problem. After experimentation I have reverted to 0750. Apparently the eXecute right needs to be enabled.

    Plugin Support Frank Remmy (woo-hc)

    (@frankremmy)

    9 months ago

    Hi @robpl1,

    Great detective work! Your experimentation and insights are incredibly helpful. It’s great to hear that reverting the folder permissions to 0750 resolved the issue, even if it raises questions about why 0440 worked for so long.

    You’re absolutely right: the execute (x) permission on directories is essential for allowing access to the contents, even if read permissions are present. Without it, the server can’t traverse the directory to locate the file, which explains the 403 error you encountered with “Redirect Only.”

    Given that your setup had been stable for 18 months, it’s possible that a recent update, whether to PHP, Apache, or even a subtle change in server configuration, tightened how permissions are enforced. It might be worth checking with your host if any security policies or file access rules were updated recently.

    For now, using 0750 is a solid workaround, and it aligns with best practices for secure but functional access.

    I hope that helps. Let us know if you need anything else.

    Thread Starter robpl1

    (@robpl1)

    9 months ago

    One thing does concern me. As I indicated I’ve had the settings such that even if you could guess the file name and where it was stored the Access rights were such that you couldn’t download. OK. But the ‘products’ folder contains no executable code, nor should it ever. So why does it need executable rights to be able to download? After all that’s just a ‘Read’ operation. This appears to me to be a huge potential security risk.

    LovingBro (woo-hc)

    (@lovingbro)

    9 months ago

    Hi @robpl1,

    I understand your concern about needing execute permissions when the folder only holds static files. The key detail is that on Unix-like systems, the execute bit on a directory means traverse, not run code. The web server or PHP process must be able to traverse each directory in the path to reach the file. Read alone lets you list names when combined with execute, but without execute, the server cannot step into the folder to open the file, which leads to 403 or file not found, even though the file exists.

    A few practical guidelines to keep things secure and working
    Use 750 on the download directories and 640 on the files, owned by your user with the web server group, so only the server can traverse and read, and nothing is world-readable.

    Prefer Force downloads for WooCommerce so files are served by PHP and never directly exposed. Reference here: https://woocommerce.com/document/digital-downloadable-product-handling/

    If your host supports X Sendfile or X Accel Redirect, these are efficient and still require directory traverse permissions.

    Keep downloads in the approved directory WooCommerce manages, and confirm entries here match production paths exactly: https://woocommerce.com/document/approved-download-directories/

    Consider storing the files outside the webroot and pointing WooCommerce to that absolute path. That keeps them unreachable by direct HTTP while still allowing the handler to read and serve them.

    Why 0440 seemed to work before
    Server or PHP updates can tighten permission checks, so a path that was effectively bypassing a missing execute bit may now be strictly enforced. Different handlers, caching layers, or subtle path differences between staging and production can also change how strictly traversal is required.

    If you want an extra hardening layer, verify there is a restrictive .htaccess in uploads for direct access protection, which WooCommerce places in its download directory by default. The handler still needs traverse permission at the filesystem level, but direct URL hits are denied.

    Feel free to let us know how it goes.

    Thread Starter robpl1

    (@robpl1)

    9 months ago

    The thing is that it looks like WordPress have changed the requirements for folders. For example I have a folder called look-inside which, as the name suggests, is a collect of shorted versions of the pdfs, watermarked, and displaying as flip books. These also had stopped working and also required me to add executable rights to a folder that has no executables in, nor will it nor should it. So it looks like WP have for some reason changed the requirements? I had the rights as 0640, that now have to be 0750, yet the original access rights have been there since I created the site. Something in the core code has changed – for the worse.

    LovingBro (woo-hc)

    (@lovingbro)

    9 months ago

    Hi @robpl1,

    Totally hear you—the “execute” bit on folders feels counter-intuitive when you’re only serving static files. On Unix filesystems though, execute on a directory means “traverse,” not “run.” Without it, the web server (Apache/PHP-FPM) can’t step into the directory to open a file, even if the file itself is readable. That’s why 0440/0640 on directories will block access, while 0750 works.

    A couple clarifications that should ease the worry:

    • No change in WordPress core requires executables. This is OS/filesystem behavior. What likely changed is your server environment or policy (e.g., PHP 8.4 upgrade, web-server user/group, switch from mod_php to PHP-FPM, hardened defaults, SELinux/AppArmor, or host security rules). Those can tighten traversal checks so a previously permissive setup now enforces correct directory perms.
    • Correct baseline perms (owner = your user; group = webserver, e.g., www-data/apache/nginx):
      • Directories: 750
      • Files: 640
      • If you need broader access, 755/644 is acceptable, just less tight.
    • The “look-inside” flipbooks failing until you added x aligns with this: the server must traverse each path segment to read assets.

    For downloads specifically:

    • Keep Force Downloads or X-Sendfile/X-Accel-Redirect (if supported). They still require directory traverse, but files aren’t exposed directly.
    • Ensure Approved Download Directories point only to your production paths.
    • If you want maximum hardening, place downloads outside webroot and let WooCommerce serve them; keep an .htaccess/Nginx deny in any public fallback directory.

    If you want to double-check everything quickly:

    1. Confirm ownership chown -R youruser:www-data /path/to/site (adjust group)
    2. Apply sane perms
    find /path/to/site -type d -exec chmod 750 {} \;
find /path/to/site -type f -exec chmod 640 {} \;
    1. Review recent infra changes
    • PHP handler (mod_php → PHP-FPM), PHP 8.4 upgrade
    • Apache/Nginx updates, SELinux/AppArmor policies
    • Hosting security modules (ModSecurity rules)

    You’re on the right track with 0750 for directories. That’s secure and standard, and it doesn’t imply executable code—just permission to traverse. If anything else crops up, share a failing URL pattern plus current owner:group on the path and we can zero in further.

    Thread Starter robpl1

    (@robpl1)

    9 months ago

    OK, totally get where you’re coming from with that and thanks for the gen. Just that I upgraded to PHP 8.4 about 3 months ago and haven’t been alerted to any upgrades in the last week which is when this behaviour started to display. Some other dev stuff I’ve been doing has error logs that suggest I’ll need to update some of my existing 1400+ lines in functions.php to match 8.4 reqs 🙂

    I reckon we can put this to bed now.

    Moses M. (woo-hc)

    (@mosesmedh)

    9 months ago

    Awesome @robpl1,

    I’m glad to hear you found my colleague’s response helpful, and thank you for getting back to let us know.

    In the meantime, if the support you received in the forum has been helpful, we’d truly appreciate it if you could take a moment to leave a review for the WooCommerce plugin here: https://wordpress.org/support/plugin/woocommerce/reviews/#new-post.

Viewing 11 replies - 1 through 11 (of 11 total)

The topic ‘WooCommerce downloads no longer working’ is closed to new replies.

Tags