Skip to main content
Easy Digital Downloads Documentation
Documentation, Reference Materials, and Tutorials for Easy Digital Downloads

Modifying EDD .htaccess file rules

Easy Digital Downloads uses a .htaccess file (for Apache servers) to protect product download files. This file is placed in wp-content/uploads/edd/. The rules in the file will differ depending on your Download Method set in Downloads → Settings → Misc.

If Download Method is set to Forced, the default .htaccess rules are:

Options -Indexes
deny from all

 <filesmatch '.(jpg|png|gif|mp3|ogg) < pre>
  <p> If Download Method is set to Redirect, the rules are:</p>

  <pre>Options -Indexes

How to modify .htacess rules

Below are different options on modifying the .htaccess rules, either via a filter or using a WordPress plugin.

Note: EDD rewrites the .htaccess once a day so you cannot make changes directly to the .htaccess file itself, otherwise those changes will get overwritten.

1. Update rules using a the edd_protected_directory_htaccess_rules filter:

These rules can be changed using the edd_protected_directory_htaccess_rules filter. For example, if you want to block direct access to .mp3 files (by default they are allowed), you can use this:

<?php
function edd_custom_modify_htaccess_rules( $rules, $method ) {
	switch( $method ) :
		case 'redirect' :
			// Prevent directory browsing
			$rules = "Options -Indexes";
			break;
		case 'direct' :
		default :
			// Prevent directory browsing and direct access to all files, except images (they must be allowed for featured images / thumbnails)
			$rules = "Options -Indexes\n";
			$rules .= "deny from all\n";
			$rules .= "<FilesMatch '\.(jpg|png|gif|ogg)$'>\n";
			    $rules .= "Order Allow,Deny\n";
			    $rules .= "Allow from all\n";
			$rules .= "</FilesMatch>\n";
			break;

	endswitch;

	return $rules;
}
add_filter( 'edd_protected_directory_htaccess_rules', 'edd_custom_modify_htaccess_rules', 10, 2 );

In order for the changes to take effect, you can wait 24 hours or, go to Downloads > Settings > Misc, change the Download Method to a different value and click “Save Changes”. This will force the .htaccess file to be updated. Make sure to change the Download Method back to the previous value and hit Save Changes again.

2. Modify .htaccess via a plugin

You can also use the free EDD .htacces Editor extension to modify these rules without touching any PHP.

Emptying .htaccess

If you need to get rid of everything, including

Options -Indexes

then you can use a function similar to above, but with nothing in it. Example:

<?php
function edd_custom_modify_htaccess_rules( $rules, $method ) {
	$rules = "";

	return $rules;
}
add_filter( 'edd_protected_directory_htaccess_rules', 'edd_custom_modify_htaccess_rules', 10, 2 );

📢 Pro Tip: Need help adding code snippets to your site? We recommend using WPCode, the best WordPress snippets plugin. With features like a built in library of snippets and integrated error handling, you can customize your site with confidence.

Read our latest blog post:
Add More Stripe Payment Methods at Checkout