Skip to main content
Easy Digital Downloads Blog
WordPress Tutorials, Tips, and Resources to Help Grow Your Business
How to Protect Digital Products (Expert Ways with Pros and Cons)

Do you want to protect digital products from being downloaded without your permission?

If you use WordPress, there are a handful of helpful strategies and tools you can use for protecting digital downloads and products on your e-commerce site.

In this article, we’ll cover why it’s important to safeguard digital product downloads, explore the various methods to do so, and discuss the pros and cons of each.

🔎 Feel free to jump around:

Why You Should Protect Digital Products

The digital landscape offers an incredible platform to sell a wide range of products, from eBooks and software to online courses and multimedia files.

You work hard to create your digital products. So you don’t want people stealing them.

Unfortunately, the nature of digital downloads and files is that they can be copied. No matter how hard you try to prevent them from being copied and given away, it’s next to impossible to avoid it completely.

Rather than waste your time chasing after bad actors and hackers, it’s smarter to take a more balanced approach to prioritize what you can control. In addition to making it easy for your customers to purchase and download products from your WordPress website, you also want to make it as difficult as possible for users to share or obtain unauthorized copies of your work.

By implementing robust security measures, you ensure that access to your content is reserved for paying customers and members only, contributing to a healthier bottom line. Protecting your digital products isn’t just about preserving revenue; it’s about upholding the value and exclusivity of your creations.

How to Protect Digital Downloads

There are a variety of methods you can use to protect your digital files. The best option depends on a handful of factors, such as the type of downloads, which platforms and tools you use, your experience level, and so much more.

We’ll start by covering the overall best ways to protect digital downloads in WordPress. Then we’ll get into other popular methods you could use. As you’ll learn, some of the most common suggestions and solutions aren’t necessarily the safest or most efficient (which is why we don’t recommend them for most cases).

Best Ways to Protect Digital Downloads

If you sell products online via WordPress, you need an e-commerce plugin. A popular option for physical goods is WooCommerce. There are plenty of WooCommerce add-ons available that can help protect your WooCommerce store and physical products.

If you sell digital products, including file downloads, the best way to protect them is with Easy Digital Downloads (EDD):

The Easy Digital Downloads plugin website.

This powerful WordPress plugin specializes in simplifying the process of selling digital products. It adds a full shopping cart system to your site, along with a customizable checkout page and product pages.

You can use it to accept online payments from customers using a variety of payment gateways, including PayPal and Stripe.

One of the biggest draws of EDD is how it allows you to manage access to download files.

Unlike generic e-commerce plugins, EDD is specifically designed to cater to the unique challenges of selling digital products. Its comprehensive array of security features enables you to protect digital products and maintain control over their distribution.

You can use the access controls to:

  • Require login to download
  • Set download limits
  • Add expiry dates to limit how long a download is available after purchase (and reissue a new secure link when requested)
  • Set up Software Licensing
  • Configure the file download method (i.e., force downloads vs. redirect only)

In the next sections, we’ll show you how to use these methods to protect digital downloads.

1. Require Login for Downloadable Products

You can make your digital products only accessible to users with accounts who are logged in to your site. By requiring log-ins you don’t have to perform some of the repetitive and ineffective actions described above in other methods.

EDD makes it easy to limit downloads to logged-in users only. Once you’ve installed the plugin and added your products, you can find this option under Downloads » Settings.

Navigate to Misc » File Downloads and select the Require Login setting:

The setting to protect digital products in WordPress by requiring a login.

Then click on Save Changes at the bottom. Now, all downloadable files will require users to log into WordPress before being able to access the file download link(s).

2. Set Download Limits

Once you have set up a system for accounts and logins, you can separate the non-customers from the customers.

More specifically, you can limit their access to the download so they can’t give it out to others. There are two options; you can limit the:

  • Number of downloads a user can make
  • Amount of time users have to download the product using a link that automatically expires

In EDD, you can specify the number of downloads allowed on the same page as the Require Login option. Under Downloads » Settings » Misc » File Downloads, you can enter the number limit next to File Download Limit:

The Easy Digital Download settings for adding download and file limits in WordPress.

This is a global setting. If left blank, the default is unlimited.

Directly beneath that option, you can configure the expiry setting (Download Link Expiration) to determine how long users have access to the download file URLs. The default is 24 hours.

3. Create Licenses

Another access-control solution is to use product licenses. This involves providing customers with a unique string of alphanumeric characters at the time of purchase, often called a license key. Then require that they provide that key to download or continue using your digital product.

License keys are commonly used if you are selling software like WordPress plugins or apps. This validation method is powerful; you can shut off someone’s access to your product if they do something shady.

💡How to Securely License & Sell Software in WordPress

🟢 PROS🔴 CONS
The most powerful ways to protect your digital productsUnless you use an e-commerce tool like EDD, methods may require custom functionality
Automated
Less prone to error
Capable of scaling for a large number of customers & products
Truly prevents unauthorized access

4. Use Password Protection/File Encryption

Another option is to use file encryption and/or password protection to prevent unauthorized access. You can use encryption on some types of files so that a password or ‘key’ is required for viewing or using the file. Some file storage platforms and providers allow this, some do not.

You can also use password protection strategies to safeguard the page where your download link is found. With WordPress, it’s easy.

Look on your page or post for the Status & Visibility settings box. Click the Visibility setting and change it from Public to Password protected. Then give it a password:

Protecting your digital products with password in WordPress

Now anyone trying to visit this page will be asked for a password.

Check out this tutorial on using passwords on WordPress pages.

You can also learn How to Password Protect PDF Files in WordPress using Easy Digital Downloads.

Password Protect with File Sharing Apps

File-sharing services/apps like Dropbox, Google Drive, and Box also offer file encryption features as well as options to password-protect a file or folder. For instance, depending on your plan, you could:

  • Invite only specific users or email addresses. This requires that the people invited have an account with the file-sharing service you’re using.
  • Set it up so that anyone with the link can see, comment, or edit the contents. This is easy to use, but there is no way to prevent others from sharing the link.

Sample Google Drive Link:

drive.google.com/file/d/12345/view?usp=sharing
🟢 PROS🔴 CONS
WordPress users have password protection settings automatically built inThis method requires quite a bit of clicking around per file/product, so it doesn’t scale well; it’s not a good solution if you have lots of products 
Password-protected links sometimes requires the user to set up an account, this is confusing, and causes some would-be customers to give upPassword-protected links sometimes require the user to set up an account
Private links provide an easy way to share filesCustomers have to leave your site with a platform like Google Drive, Dropbox, or Box
Password-protected links on file-sharing services are very effectivePrivate links can still easily be shared; you have to trust your customers, nothing is stopping them from sharing unauthorized links

5. Secure with .htaccess

Most websites have a hidden file called .htaccess. To see this file, you need full access to your web hosting provider’s server.

You can access and edit this file via File Transfer Protocol (FTP) or via a website control panel such as cPanel, Plesk, or the proprietary controls on a managed web host.

Editing your .htaccess file can help prevent unauthorized access to certain folders or files on your server. While it’s a pretty solid way to protect your digital downloads, it’s not for the faint of heart. It can be very difficult. Any mistake, one keystroke, and you can break your website, causing it not to load.

Protecting your digital products with .htaccess

You have to know or find on the web the right code to type into your .htaccess file. Some website platforms or web hosts don’t allow you to edit the file.

Acessing FTP to protect digital products with htaccess.

We don’t recommend editing your .htaccess file unless you are an experienced web developer. You can contact your platform or provider’s customer support to have them make edits in some cases.

🟢 PROS🔴 CONS
A strong method that truly prevents unauthorized access Requires knowledge of coding
It’s free (except for the time it takes you, and assuming you don’t break something, or have to hire a web developer for help) Must know how to access server control panel (cPanel, Plesk, or other), or FTP
Need full access to your web server files, many platforms do not allow this
Very easy to completely break your website by making just one keystroke error
Doesn’t scale well, if you have lots of products, this manual process is not ideal

Other (Outdated) Ways to Protect Digital Products

As I mentioned earlier, there are a lot of methods you can use to protect digital files and products. But not all of them are safe or even recommended. A handful of popular tactics you might come across in your research are not only outdated, but they can be complex, time-consuming, and cause unnecessary issues.

That’s not to say there aren’t some unique cases in which they’re worth considering. Rather, you should only consider them as a last-ditch attempt type of deal, not your go-to solution.

6. Hide the Page with Robots.txt

You can place a text file on your web server called ‘robots.txt’ that contains coded instructions for search engine bots.

Search engine bots are used to ‘crawl’ your site and index it for searches.

You could tell the search engines not to crawl certain folders. Doing this is a great idea. But it probably won’t protect your digital products from bad actors.

Screenshot: Protecting your digital products with robots.txt

How To Create Robots.txt

First, you’ll need file level access to your web server. Next, create a TXT file using Notepad on a PC, or TextEdit on a Mac. Be sure to save it as plain text. Name the files ‘robots.txt’ in all lower case.

Screenshot: Protecting your digital products with robots.txt

Place the code below in your file, enter in the folder/s you want to prevent access to. Visit the Robots.txt website for more information.

Use this code:

User-agent: *
Disallow: /your-folder/

There is one GIGANTIC problem with trying to secure your files with the robots.txt method. No one is required to follow the instructions of your robots.txt file. They are suggestions or requests. They can just ignore your request to stay out of that folder.

Even worse, bad actors might use your robots.txt file as a map to go exactly where you don’t want them to go.

It’s still a good idea to request that search engines not index certain folders. But you should not rely on this for protecting your digital downloads.

🟢 PROS🔴 CONS
Prevents search engines from indexing a folder for searchThe instructions in robots.txt files are requests, they don’t have to be followed
May prevent your digital product files from showing up on search engines (like Google and Bing), thus making your files harder to findBad actors likely won’t follow the instructions of robots.txt, they’re bad actors after all
Bad actors might even be on the lookout for which folders you are trying to block, and look there first
Won’t really prevent theft, the thief can still scan your site and look at files

7. Regularly Change Site Domain or Subdomain Name

You could regularly change your website’s domain name or subdomain. This would make it impossible for someone to go back to the same link they used previously. 

Original link (domain):

yoursite.com/products/your-ebook.pdf

New link (domain):

your-new-site.com/products/your-ebook.pdf

Subdomain original link:

downloads.yoursite.com/your-ebook.pdf

Subdomain new link:

products.yoursite.com/your-ebook.pdf

👉🏾 This is not a good technique. First, your website is your home on the web. It’s like your public building or store. No-brick and-mortar retail business ever built a loyal customer base by changing the physical location of their store on a regular basis. Changing your domain or subdomain is like moving your site’s location.

Second, your domain authority will suffer. Domain authority is the measure of consistency and stability of your website’s domain name. It’s a big factor on if Google and other search engines allow your website to come up in searches.

Worse, if all you’re doing to protect or hide your digital files is changing your domain names, people can still scan your new domain and find the product files on your new domain.

🟢 PROS🔴 CONS
Makes links that used to work, no longer work, which may stop some piracyDifficult, time consuming
“Free” (if you don’t consider your time and labor an expense)Error prone
Requires a lot of technical knowledge
Requires full access to your server, many platforms/providers do not allow this
You’ll have to lease new domain names which increases expenses
Negatively affects SEO (search engine optimization), Google and other search engines don’t like broken links and penalize you in search results
Won’t really prevent theft, the thief can just scan your new domain

Please don’t try this method. The risks to the health of your online business are high, the potential benefits are low.

You could regularly change the page, link path, or file name for your digital products. Here are some examples:

Original Link

yoursite.com/products/your-ebook.pdf

New Link

yoursite.com/products2/your-ebook2.pdf

Bear in mind that any hacker, thief, or bad actor can easily employ tools to crawl, search, or even download your entire public website. 

So, if all you are doing is changing link paths or file names, you aren’t really putting up much of a defense.

🟢 PROS🔴 CONS
Makes links that used to work, no longer work, this may stop piracy by lazy and non-technically savvy peopleRequires manual labor
“Free” (if you don’t consider your time and labor an expense)Error prone
Requires full access to your server, many platforms do not allow this
Negatively affects SEO (search engine optimization), Google and other search engines don’t like broken links and penalize you in search results
Won’t really prevent theft, the thief can just scan your new domain

This method is very similar to the one above. You can ‘hide’ your digital products by giving them crazy or nonsensical names. Or by putting them inside folders with nonsensical random text.

The idea is that no search engine or normal person will figure out how to find your digital files or what they are.

Original Link

yoursite.com/products/your-ebook.pdf

New Link

yoursite.com/x9ppo97gG/90jjk9.pdf

Original Link

yoursite.com/products/your-ebook-landing-page

New Link

yoursite.com/x9ppo97gG/90jjk9

What you are really doing here isn’t ‘hiding’. Your files are sitting in plain sight. Any would-be pirate or thief could easily use site scanning tools and see your crazily-named files and grab them. It’s not a very good deterrent.

🟢 PROS🔴 CONS
Makes links hard to find or understand what they are, this may stop piracy by lazy and non-technically savvy peopleRequires manual labor
“Free” (if you don’t consider your time and labor an expense)Error prone
Requires full access to your server, many providers and platforms do not allow this
Won’t really prevent theft, the thief can still scan your site and look at files

10. Bury Product In Layers of Folders

You might hear some people tell you to just protect your files by placing them inside several levels or layers of folders.

For example:

yoursite.com/folder1/folder2/folder3/folder4/your-ebook.pdf

The idea behind this is that search engines are thought to only be able to search 2 or 3 layers deep. This is not a sound idea.

First, no one really knows how search engines work. And they change constantly. We don’t know if this idea is true now or was ever true. Google doesn’t tell the public how their search algorithms work.

Second, a would-be pirate or thief has more tools than Google and Bing search engines they can use to search your site. You have no way of knowing how they operate, but they almost certainly have the ability to search all folders on your public website. 

🟢 PROS🔴 CONS
Links are hard to find, this may stop piracy by lazy and non-technically savvy peopleRequires manual labor
“Free” (if you don’t consider your time and labor an expense)Error prone
Requires full access to your server, many providers and platforms do not allow this
Won’t really prevent theft, the thief can still scan your site and look at files

FAQs About Digital Content Protection

Let’s wrap up with some frequently asked questions.

What is two-factor authentication (2FA) and how can it enhance the security of my digital product?

Many platforms allow you to set up two-factor authentication, also called 2FA. This is where, in addition to knowing the password, you have to enter a code that is sent to your phone (or another device).

We recommend making use of 2FA on any platform that offers it, including your website or e-commerce platform. It’s a good way to keep all your accounts safe. Have a mindset of doing whatever it takes to protect your digital content and downloadable files.

Should I watermark my images?

If you sell digital products that are photos or graphics (Adobe, Affinity, Canva), be sure to watermark the preview images. Watermarking is overlaying company or copyright information on your photos to prevent unauthorized use.

Photo: Kangaroo with watermark

Check out our article on selling images to learn more. This article has information about watermarking, templates, and file formats.

What’s the best way to protect digital products in WordPress?

The best way to protect digital products within WordPress is to use a reputable e-commerce plugin such as Easy Digital Downloads. This plugin facilitates efficient management, protection, and distribution of downloads and files. To enhance security, you can implement a range of measures like access controls and password protection to limit and deter unauthorized sharing and downloading.

Use EDD to Protect Digital Products

Good work! You have learned many ways to protect your digital products from unauthorized access. 

Download Easy Digital Downloads today to create a secure e-commerce site for your digital products:

If you already have EDD but want access to all premium extensions and features to help protect digital products, you can easily upgrade from EDD Lite to EDD Pro.

Our site is full of resources for entrepreneurs and digital creators like you! What do you want to learn about next?

📣 P.S. Be sure to subscribe to our newsletter and follow us on Facebook or Twitter for more WordPress resources!

Using WordPress and want to get Easy Digital Downloads for free?

Enter the URL to your WordPress website to install.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. We only recommend products that we believe will add value to our readers.

2 comments

  1. Casey Cavanagh

    4. Use Password Protection/File Encryption
    I’m not sure you detailed anything about file encryption. You offer digital download and licencing but do you actually offer encryption of the software .exe file and associated .dll files ?

    1. Casey Cavanagh

      Hi Scott, Great question! We offer password-protection to restrict access to the file’s download page. Some third-party file storage platforms mentioned (Dropbox, Google Drive, etc.) offer file encryption features. I’ve edited the post to clarify that discintion, so thank you. 🙂 If you have any other questions, our support team would be happy to offer more insight!

Leave a Reply

Your email address will not be published. Required fields are marked *

Read our latest blog post:
How to Make a WordPress eCommerce Website