The WP Express Checkout plugin includes a feature that limits the download link count and sets an expiry time for the links, enhancing the security of your downloadable files. However, it is still beneficial to obfuscate the folder containing these files for added protection. By combining these built-in security features with additional folder obfuscation techniques, you can further prevent unauthorized access and ensure your files are well-protected.
When you upload a downloadable file to WordPress’s media library, it can get indexed by search engines, making it accessible to unauthorized users. To increase the security of your downloadable files, it is recommended to obfuscate and protect the folders containing these files.
This documentation explains various techniques to obfuscate and hide downloadable files. You may want to use one or two methods from these options.
Note: Some of these methods may require technical knowledge and specific server capabilities. Not all methods will work on all servers or sites, so a trial-and-error process may be necessary.
Use a Hard-to-Guess Folder Name
Store files in a directory with a complex and hard-to-guess name. For example:
https://www.your-domain.com/downloads/IYqmiy76Hqa/
Empty Index.html File
Add a blank index.html file in the folder containing the downloadable files to prevent directory browsing. This will prevent anyone from browsing and seeing the content of that folder.
Download a blank index.html file (right-click and choose “Save As”).
.htaccess Protection
You can use the force download option in the downloadable product configuration then add a .htaccess file to the folder to deny any direct downloads. The force download option streams the file to the visitor using the special download link created by the plugin, preventing direct access to the file.
Create a .htaccess file with the following content in the folder to block direct access to the files.
deny from all
Restrict Access to Members Only
For certain business use cases, it might be beneficial to integrate with a membership plugin to offer downloads exclusively to members.
Helpful Resources
The FileZilla FTP client tutorial will be helpful if you are not already familiar with using FileZilla.