Checkout: Secure your Downloads folder

WordPress Shopping Cart plugin: Secure your Downloads folder

If you have digital products with digital files in your shop, you may want to consider securing the folder where the digital files and downloads are stored. This can be done by putting a .htaccess file in the wp-content/uploads/wp-checkout/downloads folder. If you don’t know how to set this up, instruction are provided below.

Follow the steps below:

Step 1: Create a .htpasswd file

Create a new text file on your server. Name this new file .htpasswd

Step 2: Generate a username/password combination

You need to generate an encrypted password to use in the .htpasswd file, each user that can access this folder must get a new line in the .htpasswd file with their own password. See an example below:


A good place to generate passwords is here if you don’t already have a preferred generator. All you must do here is type the username and desired password and click on the “Encrypt” button.

Copy and paste the line it gives you into your .htpasswd file – new line for every user.

Step 3: Upload your .htpasswd file

Upload the .htpasswd file to a location on your server that cannot be accessed form a web browser – in other words, you should not be able to go to http://yourdomain/.htpasswd – it should be in a home directory or other location that is secure.

Step 4: Create a .htaccess file

You must now create a new text file called .htaccess in your “wp-content/uploads/wp-checkout/downloads” folder. In this file you must add the following text:

AuthUserFile /path-to-htpasswd-file/.htpasswd
AuthGroupFile /dev/null
AuthName "Name of Area"
AuthType Basic
require valid-user

Change “path-to-htpasswd-file” to the file location where you uploaded the .htpsswd file to as mentioned in ‘Step 3’.

Change “Name of Area” to the section on your site that you are wanting to protect. This is used primarily when you have multiple areas with different protection levels.

NOTE: Make sure you are saving/uplaoding the .htaccess file to the folder that you are wanting to protect. In this case, it is the “wp-content/uploads/wp-checkout/downloads” folder.

Final Result

If you have done it all correctly, you will see a login screen similar to the one seen in the image below when trying got access that folder with the .htaccess file in it

You can test that the password works by accessing the URL. If your password doesn’t work, go back to the encryption programs and encrypt it again, remember that the username and password will be case-sensitive. If you are not prompted for a password, contact your system administrator to make sure that HTAccess is turned on for your site.

WordPress Plugins

Start selling products, sending newsletters, publishing ads, and more through your own WordPress website using our premium WordPress plugins.


Pin It on Pinterest