Download Files Not Protected on NGINX

By default, Easy Digital Downloads protects download files inside the wp-content/uploads/edd/ folder with a .htaccess file, but this only works if your site is running on Apache. If your site is running on NGINX, the download files are not protected and can be downloaded by anyone. This doc walks you through protecting the download files by adding a custom redirect rule to your site's configuration.

To properly protect the files on NGINX, you will need to register a redirect in your site's server config that prevents users from directly accessing the download files.

Setting up a redirect with WP Engine

The rule you need to paste into source is:

^/wp-content/uploads/edd/(.*?)\.zip$

If you are selling file formats other than ZIP files, you'll need to enter rules for those file types as well.

Protecting your files on Pantheon

Pantheon does not currently allow custom NGINX rewrite rules. To properly protect your files on Pantheon, you will need to install our Pantheon Compatibility extension and activate it on your website. This plugin converts the standard EDD directory to work within the protected directory provided by Pantheon.

Manually Configuring the Redirect

If you are on a self-hosted VPS or other hosting account, you may need to modify the redirect rules in the server config directly.

If you are manually adding the redirect to your server config, it will look like this:

rewrite ^/wp-content/uploads/edd/(.*)\.zip$ / permanent;
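Because each rule above covers only one file type, it helps to confirm that every file actually stored in the folder is matched by a rule. The script below is an added example, not part of Easy Digital Downloads or its documentation. It lists the files under a given edd directory and reports any whose URL path matches none of your redirect patterns. The names RULES, IGNORED_NAMES and SAMPLE, and the sample paths, are assumptions made for illustration.

```python
import os
import re

# Redirect patterns in use; the first is the .zip rule from this page.
# Add one pattern per file type you sell.
RULES = [r"^/wp-content/uploads/edd/(.*)\.zip$"]

URL_PREFIX = "/wp-content/uploads/edd/"

# Placeholder files that are not download files (assumption; adjust as needed).
IGNORED_NAMES = {"index.php", "index.html", ".htaccess"}


def uncovered(url_paths, rules=RULES):
    """Return the URL paths that match none of the redirect rules."""
    # Compiled without flags: matching is case-sensitive, as in an nginx rewrite.
    compiled = [re.compile(r) for r in rules]
    return [p for p in url_paths if not any(c.search(p) for c in compiled)]


def url_paths_under(edd_dir):
    """Map every file below edd_dir to the URL path it would be served at."""
    found = []
    for root, _dirs, files in os.walk(edd_dir):
        for name in files:
            if name in IGNORED_NAMES:
                continue
            rel = os.path.relpath(os.path.join(root, name), edd_dir)
            found.append(URL_PREFIX + rel.replace(os.sep, "/"))
    return sorted(found)


# Constructed sample paths, used when no directory is given on the command line.
SAMPLE = [
    "/wp-content/uploads/edd/2024/01/theme.zip",
    "/wp-content/uploads/edd/2024/01/ebook.pdf",
    "/wp-content/uploads/edd/2024/02/PLUGIN.ZIP",
]

if __name__ == "__main__":
    import sys
    paths = url_paths_under(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for p in uncovered(paths):
        print("NOT COVERED:", p)
```

Run it with the path to your wp-content/uploads/edd/ folder as the only argument. Any line it prints is a file that can still be requested directly, including files whose extension differs from the rule only in letter case.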