Are download files protected?
Yes, all files attached to Download products are protected from theft. When a file is uploaded to a Download product, it is automatically placed in a special folder on your server that is protected via a . htaccess file. This prevents a web browser from simply visiting the folder that holds your files and viewing them all.
How does the download work?
Easy Digital Downloads knows where the file is, and has permission to access it. The download link the customer receives goes to a special URL that does things like determine if the file is allowed to be accessed at all, fetch the file and send it to the browser, etc.
What about if it's hosted someplace like Dropbox, or Amazon?
What if my server isn't using Apache?
Files are only protected by default on servers that use Apache. If your server is running something else you will need to take a look at protecting them through another means. Here are some articles to help with different server configurations known to need custom tweaking:
- Protecting files on NGINX
- Protecting files on WPEngine
- Protecting files on Pantheon
- Protecting files on Kinsta
What about images and audio files?
Image files and Audio files (MP3/OGG) are 2 exceptions to the "protected" rule. They are left unprotected so that your visitors can actually see the images you upload - like your download's featured image, or hear the preview audio you upload for an audio product. Because of this, it's important to note that if you happen to be selling images or audio files, image files and audio files will not be protected even though they are in the protected directory. To fix this, we recommend that your actual deliverable files are compressed into a .zip file before uploading to your website. To read more about that, click here.