Checkout: Secure your Downloads folder
WordPress Shopping Cart plugin: Secure your Downloads folder
If you have digital products with digital files in your shop, you may want to consider securing the folder where the digital files and downloads are stored. This can be done by putting a .htaccess file in the
wp-content/uploads/wp-checkout/downloads folder. If you don’t know how to set this up, instruction are provided below.
Follow the steps below:
Step 1: Create a .htpasswd file
Create a new text file on your server. Name this new file .htpasswd
Step 2: Generate a username/password combination
You need to generate an encrypted password to use in the .htpasswd file, each user that can access this folder must get a new line in the .htpasswd file with their own password. See an example below:
A good place to generate passwords is here if you don’t already have a preferred generator. All you must do here is type the username and desired password and click on the “Encrypt” button.
Copy and paste the line it gives you into your .htpasswd file – new line for every user.
Step 3: Upload your .htpasswd file
Upload the .htpasswd file to a location on your server that cannot be accessed form a web browser – in other words, you should not be able to go to http://yourdomain/.htpasswd – it should be in a home directory or other location that is secure.
Step 4: Create a .htaccess file
You must now create a new text file called .htaccess in your “wp-content/uploads/wp-checkout/downloads” folder. In this file you must add the following text:
AuthUserFile /path-to-htpasswd-file/.htpasswd AuthGroupFile /dev/null AuthName "Name of Area" AuthType Basic require valid-user
Change “path-to-htpasswd-file” to the file location where you uploaded the .htpsswd file to as mentioned in ‘Step 3’.
Change “Name of Area” to the section on your site that you are wanting to protect. This is used primarily when you have multiple areas with different protection levels.
NOTE: Make sure you are saving/uplaoding the .htaccess file to the folder that you are wanting to protect. In this case, it is the “wp-content/uploads/wp-checkout/downloads” folder.
If you have done it all correctly, you will see a login screen similar to the one seen in the image below when trying got access that folder with the .htaccess file in it
You can test that the password works by accessing the URL. If your password doesn’t work, go back to the encryption programs and encrypt it again, remember that the username and password will be case-sensitive. If you are not prompted for a password, contact your system administrator to make sure that HTAccess is turned on for your site.