WooCommerce makes it really easy to sell digital content online. Whether you’re using DRM or not for your content, it’s best to not have a publicly-accessible link to your files. This article gives you a step-by-step process you can follow to create a WooCommerce secure download the proper way.
By default, WooCommerce will hide your files behind a link that looks like:
This allows you to limit the number of times a file is downloaded and how long a download link should be active for. But what if some nefarious customer follows the redirect from the download link and discovers that your files are actually stored out in the open under the
wp-content directory? They could easily post the link and anyone could simply download the file. There’s an easy way to prevent this from happening and to secure your WooCommerce downloadable files. Here’s the process:
Steps to WooCommerce Secure Downloads:
- Connect to your website via FTP or SFTP and browse to where your WordPress files are. You should see files like
wp-config.php, etc. This is your “webroot” and any files stored here or in sub-directories are (mostly) publicly-accessible by default, unless you’re using .htaccess rules.
- Browse to the folder above your webroot and create a folder named “downloads”. Upload all your downloadable files into this directory. Within your FTP client, you should see an option to copy the full path. In Transmit on OSX, it looks like this:
- Log in to your WooCommerce store and browse to the Edit Product page. Change the “File Paths” section from the old URL to the path you just copied:
Hit save and you’re done.
That’s it! Repeat this process to secure all of your WooCommerce downloadable files and place a test order to make sure you don’t encounter any errors. Once you’ve done this, you can delete the old files stored in your
wp-content/uploads directory. The format of your links won’t change at all and there’s no visible difference to the customer.