Modifying EDD .htaccess file rules

Easy Digital Downloads uses a .htaccess file (for Apache servers) to protect product download files. This file is placed in wp-content/uploads/edd/. The rules in the file will differ depending on your Download Method set in Downloads → Settings → Misc.

If Download Method is set to Forced, the default .htaccess rules are:

Options -Indexes
deny from all
<FilesMatch '\.(jpg|png|gif|mp3|ogg)

If Download Method is set to Redirect, the rules are:

Options -Indexes

These rules can be changed using the edd_protected_directory_htaccess_rules filter. For example, if you want to block direct access to .mp3 files (by default they are allowed), you can use this:

<?php
function edd_custom_modify_htaccess_rules( $rules, $method ) {
	
	switch( $method ) :

		case 'redirect' :
			// Prevent directory browsing
			$rules = "Options -Indexes";
			break;

		case 'direct' :
		default :
			// Prevent directory browsing and direct access to all files, except images (they must be allowed for featured images / thumbnails)
			$rules = "Options -Indexes\n";
			$rules .= "deny from all\n";
			$rules .= "<FilesMatch '\.(jpg|png|gif|ogg)>\n";
			    $rules .= "Order Allow,Deny\n";
			    $rules .= "Allow from all\n";
			$rules .= "</FilesMatch>\n";
			break;

	endswitch;

	return $rules;
}
add_filter( 'edd_protected_directory_htaccess_rules', 'edd_custom_modify_htaccess_rules', 10, 2 );

In order for the changes to take affect, go to Downloads → Settings → Misc and click “Save Changes”.

You can also use the free EDD .htacces Editor extension to modify these rules without touching any PHP.

Emptying .htaccess

If you need to get rid of everything, including

Options -Indexes

then you can use a function similar to above, but with nothing in it. Example:

<?php
function edd_custom_modify_htaccess_rules( $rules, $method ) {
	$rules = "";

	return $rules;
}
add_filter( 'edd_protected_directory_htaccess_rules', 'edd_custom_modify_htaccess_rules', 10, 2 );