• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

WP Express Checkout

Express Checkout Plugin for WordPress

  • Home
  • Documentation
  • Extensions
  • Login
    • Sign In
    • Edit Profile
    • Terms & Condtions
    • My Downloads
  • Support
    • Tutorials
  • Contact
  • Show Search
Hide Search
You are here: Home / Securing Downloadable Files in WP Express Checkout

Securing Downloadable Files in WP Express Checkout

The WP Express Checkout plugin includes a feature that limits the download link count and sets an expiry time for the links, enhancing the security of your downloadable files. However, it is still beneficial to obfuscate the folder containing these files for added protection. By combining these built-in security features with additional folder obfuscation techniques, you can further prevent unauthorized access and ensure your files are well-protected.

When you upload a downloadable file to WordPress’s media library, it can get indexed by search engines, making it accessible to unauthorized users. To increase the security of your downloadable files, it is recommended to obfuscate and protect the folders containing these files.

This documentation explains various techniques to obfuscate and hide downloadable files. You may want to use one or two methods from these options.

Note: Some of these methods may require technical knowledge and specific server capabilities. Not all methods will work on all servers or sites, so a trial-and-error process may be necessary.

Use a Hard-to-Guess Folder Name

Store files in a directory with a complex and hard-to-guess name. For example:

https://www.your-domain.com/downloads/IYqmiy76Hqa/

Empty Index.html File

Add a blank index.html file in the folder containing the downloadable files to prevent directory browsing. This will prevent anyone from browsing and seeing the content of that folder.

Download a blank index.html file (right-click and choose “Save As”).

.htaccess Protection

You can use the force download option in the downloadable product configuration then add a .htaccess file to the folder to deny any direct downloads. The force download option streams the file to the visitor using the special download link created by the plugin, preventing direct access to the file.

Create a .htaccess file with the following content in the folder to block direct access to the files.

deny from all

Restrict Access to Members Only

For certain business use cases, it might be beneficial to integrate with a membership plugin to offer downloads exclusively to members.

Helpful Resources

The FileZilla FTP client tutorial will be helpful if you are not already familiar with using FileZilla.

Primary Sidebar

Featured Addons/Extensions

Subscription Payments Addon

Custom Fields Addon

A Simple & Lightweight Plugin

Our Approach with the Plugin

Support Link

  • Contact Us

Search

Copyright © 2025 | WP Express Checkout Plugin | A member of the Tips and Tricks HQ family.