Skip to main content

9 Expert Ways to Protect Digital Products (with Pros and Cons)

Illustration: a pirate ship

Do you want to protect your digital products from being downloaded without your permission? There are many easy and free ways to do this.

In this article we’ll look at 9 ways to protect your digital product downloads. We’ll also consider some pros and cons of each option. Last, we’ll share what we think the best option is.

Here are the sections of our article if you want to skip around:

  1. The Big Picture
  2. 9 Ways to Protect Digital Products (with Pros and Cons)
  3. The Best Way to Protect Digital Products with WordPress
  4. Basic Security Pro Tips

The Big Picture

Illustration: a hacker on a laptop

You work hard to create your digital products. So you don’t want people to steal your work.

However the nature of digital downloads, computer files, is that they can be copied. No matter how hard you try to prevent them from being copied and given away you cannot completely prevent it. Most likely, no security measure is unbreakable.

Entrepreneurs like you cannot build a business by spending all your time chasing around bad actors and hackers. So you need to strike a balance or prioritize.

  1. First, make it very easy to purchase and download your products
    • Offer perks like support, free product updates, or new versions to authorized users
  2. Second, make it as hard as possible to download or make unauthorized copies of your digital products
    • Deny the perks offered to authorized users
  3. Last, focus more on getting customers first, spend less focus on sleuthing around for piracy.
    • A strong method of protecting your products helps you focus on your customers.

9 Ways to Protect Digital Products

If you research around the internet for ways to protect your digital files you’ll find varying descriptions of methods 1-7 below. We think argue many of them are outdated (which we will explain). 

The best methods are 8 and 9.

  1. Regularly Change Site Domain or Subdomain Name
  2. Regularly Change the Page or Link
  3. Hide The Page or Download Link Location
  4. Bury Product In Layers of Folders
  5. Hide The Page with Robots.txt
  6. Password Protect File or Link
  7. Use File Encryption
  8. Secure with .htaccess
  9. Secure with Access Control

Method 1: Regularly Change Site Domain or Subdomain Name

You could regularly change your websites domain name or subdomain. This would make it impossible for someone to go back to the same link they used previously. 

Original link (domain):

yoursite.com/products/your-ebook.pdf

New link (domain):

your-new-site.com/products/your-ebook.pdf

Subdomain original link:

downloads.yoursite.com/your-ebook.pdf

Subdomain new link:

products.yoursite.com/your-ebook.pdf

👉🏾 This is not a good technique. First, your website is your home on the web. It’s like your public building or store. No brick and mortar retail business ever built a loyal customer base by changing the physical location of their store on a regular basis. Changing your domain or subdomain is like moving your site’s location.

Second, your domain authority will suffer. Domain authority is the measure of consistency and stability of your website’s domain name. It’s a big factor on if Google and other search engines allow your website to come up in searches.

Worse, if all you’re doing to protect or hide your digital files is changing your domain names, people can still scan your new domain and find the product files on your new domain.

🟢 PROS🔴 CONS
Makes links that used to work, no longer work, this may stop piracy by lazy and non-technically savvy people Difficult, time consuming
“Free” (if you don’t consider your time and labor an expense)Error prone
Requires a lot of technical knowledge
Requires full access to your server, many platforms/providers do not allow this
You’ll have to lease new domain names which increases expenses
Negatively affects SEO (search engine optimization), Google and other search engines don’t like broken links and penalize you in search results
Won’t really prevent theft, the thief can just scan your new domain

Please don’t try this method. The risks to the health of your online business are high, the potential benefits are low.

Method 2: Regularly Change the Page or Link

You could regularly change the page, link path, or file name for your digital products. Here are some examples:

Original Link

yoursite.com/products/your-ebook.pdf

New Link

yoursite.com/products2/your-ebook2.pdf

Bear in mind that any hacker, thief, or bad actor can easily employ tools to crawl, search, or even download your entire public website. 

I have a five dollar app that does this from the Apple App Store. I’m not a hacker, I just like to archive my sites by indexing all the folders and downloading them to my computer.

So, if all you are doing is changing link paths or file names, you aren’t really putting up much of a defense.

🟢 PROS🔴 CONS
Makes links that used to work, no longer work, this may stop piracy by lazy and non-technically savvy peopleRequires manual labor
“Free” (if you don’t consider your time and labor an expense)Error prone
Requires full access to your server, many platforms do not allow this
Negatively affects SEO (search engine optimization), Google and other search engines don’t like broken links and penalize you in search results
Won’t really prevent theft, the thief can just scan your new domain

Method 3: Hide The Page or Download Link Location

This method is very similar to the one above. You can ‘hide’ your digital products by giving them crazy or nonsensical names. Or by putting them inside folders with nonsensical random text.

The idea is that no search engine or normal person will figure out how to find your digital files or what they are.

Original Link

yoursite.com/products/your-ebook.pdf

New Link

yoursite.com/x9ppo97gG/90jjk9.pdf

Original Link

yoursite.com/products/your-ebook-landing-page

New Link

yoursite.com/x9ppo97gG/90jjk9

What you are really doing here isn’t ‘hiding’. Your files are sitting in plain sight. Any would-be pirate or thief could easily use site scanning tools and see your crazily-named files and grab them. It’s not a very good deterrent.

🟢 PROS🔴 CONS
Makes links hard to find or understand what they are, this may stop piracy by lazy and non-technically savvy peopleRequires manual labor
“Free” (if you don’t consider your time and labor an expense)Error prone
Requires full access to your server, many providers and platforms do not allow this
Won’t really prevent theft, the thief can still scan your site and look at files

Method 4: Bury Product In Layers of Folders

You hear some people tell you to just protect your files by placing them inside several levels or layers of folders.

For example:

yoursite.com/folder1/folder2/folder3/folder4/your-ebook.pdf

The idea behind this is that search engines are thought to only be able to search 2 or 3 layers deep. This is not a sound idea.

First, no one really knows how search engines work. And they changes constantly. We don’t know if this idea is true now or was ever true. Google doesn’t tell the public how their search algorithms work.

Second, a would-be pirate or thief has more tools than Google and Bing search engines they can use to search your site. You have no way of knowing how they operate, but they almost certainly have the ability to search all folders on your public website. 

🟢 PROS🔴 CONS
Links are hard to find, this may stop piracy by lazy and non-technically savvy peopleRequires manual labor
“Free” (if you don’t consider your time and labor an expense)Error prone
Requires full access to your server, many providers and platforms do not allow this
Won’t really prevent theft, the thief can still scan your site and look at files

Method 5: Hide The Page with Robots.txt

You can place a text file on your web server called ‘robots.txt’. This file contains coded instructions for search engine bots.

Search engine bots are used by Google, Bing, and other search engines to ‘crawl’ your site and index it for searches.

You could tell the search engines not to crawl certain folders. Doing this is a great idea. But it probably won’t protect your digital products from bad actors.

Screenshot: Protecting your digital products with robots.txt

How To Create Robots.txt

First, you’ll need file level access to your web server. Next, create a TXT file using Notepad on a PC, or TextEdit on a Mac. Be sure to save it as plain text. Name the files ‘robots.txt’ in all lower case.

Screenshot: Protecting your digital products with robots.txt

Place the code below in your file, enter in the folder/s you want to prevent access to. Visit the Robots.txt website for more information.

Use this code:

User-agent: *
Disallow: /your-folder/

There is one GIGANTIC problem with trying to secure your files with the robots.txt method. No one is required to follow the instructions of your robots.txt file. They are suggestions or requests. They can just ignore your request to stay out of that folder.

Even worse, bad actors might use your robots.txt file as a map to go exactly where you don’t want them to go.

It’s still a good idea to request that search engines not index certain folders. But you should not rely on this for protecting your digital downloads.

🟢 PROS🔴 CONS
Prevents search engines from indexing a folder for searchThe instructions in robots.txt files are requests, they don’t have to be followed
May prevent your digital product files from showing up on search engines (like Google and Bing), thus making your files harder to findBad actors likely won’t follow the instructions of robots.txt, they’re bad actors after all
Bad actors might even be on the lookout for which folders you are trying to block, and look there first
Won’t really prevent theft, the thief can still scan your site and look at files

Method 6: Password Protect or Private Link

You can password protect the page where your download link is found. Some platforms and providers allow this, some do not. It’s easy with WordPress!

Look on your page or posts Status & Visibility settings box. Click the Visibility setting and change it from Public to Password protected. Then give it a password.

Screenshot: Protecting your digital products with password in WordPress

Now anyone trying to visit this page will be asked for a password.

Click here for a tutorial on using passwords on WordPress pages.

Password Protect with File Sharing Apps

File sharing services/apps like DropBox and Box have the option to password protect a file or folder. This may not be available on the free plan of these apps.

Private Links

File sharing services like Google Drive, DropBox and Box provide an option for sharing folders privately.

  • You can invite only specific users or email address (this requires that the people invited have an account with the file sharing service you’re using).
  • You can set it up so that anyone with the link can see, comment or edit the contents. This is easy to use, but there is no way to prevent others from sharing the link.

Sample Google Drive Link:

drive.google.com/file/d/12345/view?usp=sharing
🟢 PROS🔴 CONS
Password protected links on file sharing services are very effectiveThis method requires quite a bit of clicking around per file/product, so it doesn’t scale well, it’s not a good solution if you have lots of products 
Private links provide an easy way to share filesPassword protected links sometimes requires the user to set up an account, this is confusing, and causes some would-be customers to give up
Customers have to leave your site with a platform like Google Drive, Dropbox, or Box. This is unprofessional, confusing, and doesn’t build trust with customers.
Private links can still easily be shared, you have to trust your customers, nothing is stopping them from sharing unauthorized links

Method 7: Use File Encryption

You can use encryption on some types of files. There are free and paid tools for protecting a PDF file.

When you encrypt a file, a password is required for viewing or using the file. This is a good way to protect your digital products.

There are some challenges.

  • First, you have to find or know how to use encryption apps. Which app you use can vary depending on which type of file or digital product you are distributing.
  • Second, the process of downloading and decrypting a digital product can be confusing for your customers. If it results in a bad experience for paying customers, you’ve just hurt your business.
🟢 PROS🔴 CONS
A strong method that in many cases truly prevents unauthorized accessTime consuming if you have lots of products, doesn’t scale well
There are free encryption tools are availableError prone, you have to keep track of passwords
Decryption steps may be confusing for paying customers
Requires use of different apps and some tinkering and/or technical knowledge to set up


Method 8: Secure with .htaccess

Most websites have a hidden file called .htaccess. To see this file you need full access to your website’s web hosting server.

You can access and edit this file via FTP or via a website control panel such as cPanel, Plesk, or the proprietary controls on a managed web host.

You can edit your .htaccess file to prevent unauthorized access to certain folders or files on your server. This is a pretty solid way to protect your digital downloads.

However, it’s not for the faint of heart. It can be very difficult. Any mistake, one keystroke, and you can break your website, causing it not to load.

Screenshot: Protecting your digital products with .htaccess
A typical .htaccess file on a WordPress site

You have to know or find on the web the right code to type into your .htaccess file. Some website platforms or web hosts don’t allow you to edit the file.

Screenshot: Protecting your digital products with .htaccess

We don’t recommend editing your .htaccess file unless you are an experienced web developer. You can contact your platform or provider’s customer support to have them make edits in some cases.

🟢 PROS🔴 CONS
A strong method that truly prevents unauthorized accessRequires knowledge of coding
It’s free (except for the time it takes you, and assuming you don’t break something, or have to hire a web developer for help)Must know how to access server control panel (cPanel, Plesk, or other), or FTP
You need full access to your web server files, many platforms do not allow this
It is very easy to completely break your website by making just one keystroke error
Doesn’t scale well, if you have lots of products, this manual process is not ideal

Method 9: Secure with Access Control

Access Control is a set of security measures to protect your digital products. Using access control is the best way to build a digital product business.  

To build your business you need a method that is:

  • Effective – It needs to truly prevent unauthorized downloads.
  • Easy to use – It needs to require little manual labor from you to prevent errors, and needs to be easy for customers too.
  • Able to scale – It has to be repeatable, and not require ever-increasing time and effort, so it can scale.

Require Login

You can make your digital products only accessible to users with accounts who are logged in to your site. Using a CMS like WordPress allows you to manage users and automate password creation and resetting.

By requiring log-ins you don’t have to perform some of the repetitive and ineffective actions described above in other methods.

Limit Access to Download

Once you have set up a system for accounts and logins, you can separate the non-customers from the customers.

Limit their access to the download, so they can’t give it out to others.  

  • Limit the amount of time they can download the product with a link that automatically expires
  • Limit the number of downloads a user can make, to make sure they are just handing it out to everyone they know

Optional: Create Licenses

In addition to requiring logins and limiting access to downloads you can use product licenses.

Provide customers a unique string of alphanumeric characters at the time of purchase. This is often called a license key. Require that they provide that key to download or continue using your digital product.

Sample license key

Hg7889ikj567fHkC321go0o9

License keys are commonly used if you are selling software like WordPress plugins or apps. This validation method is powerful, you can shut off someone’s access to your product if they do something shady. You can also reenable access at any time.

🟢 PROS🔴 CONS
The most powerful ways to protect your digital productsRequires custom functionality for logins, access control, or licensing. However, there are many eCommerce tools to do this for you. Even for free. Read on! 👇🏽
Automated
Less prone to error
Capable of scaling for a large number of customers and products
Truly prevents unauthorized access

The Best Way to Protect Digital Products with WordPress

The best way to protect your digital products in WordPress is the Easy Digital Downloads plugin.

Easy Digital Downloads (EDD) is a powerful eCommerce solution for selling your digital creations. You can get started for free and use it free forever.

EDD Logo Graphic

EDD allows you to manage access to downloads. It uses all the best ways listed above (in method #9). EDD allows you to:

  • Require a login for download
  • Limit access to downloads
  • Limit how long a download is available after purchase
    • As well as easily reissue a new secure link whenever the customer asks
  • Set up Software licensing extension (Requires Extended Pass)

Installing EDD provides you with full digital product management, file protection, shopping cart, flexible checkout, Stripe integration, customer management and discount codes. And all that is in the free version. 🤯

Other eCommerce Solutions

There are many other eCommerce solutions that help you protect and sell your downloadable products. Many of them have major disadvantages compared to EDD.

  • Many eCommerce solutions are not built for digital products. They are built for selling physical products. You’ll waste valuable time setting up shipping and inventory features that you don’t need. Some even slow down your site.
  • Other solutions and marketplaces charge unnecessary fees. The more money you make, the more they take. And their terms can change at any moment. Also, some don’t pay for 45, 60, or even 90 days!
  • When you sell your digital products on a marketplace, the customer doesn’t really become your customer. It’s their customer. You might have little or no way to do follow up communication with them.

Sell your digital products on your own site! With WordPress and EDD you have full control over the shopping experience and direct communication with the customers.

Using WordPress and want to get Easy Digital Downloads for free?

Enter the URL to your WordPress website to install.

 

Basic Security Pro Tips

If you’re selling (or giving away) digital goods online, you should also follow basic best practices for security on the web. Below are a few important best practices.

Use Strong Passwords

Passwords should be 10 characters or longer. They should include special characters, uppercase characters, and lowercase characters. 

Different platforms and providers have different requirements for passwords. You should always use a strong password, even if the platform you are using doesn’t require it.

This prevents bad actors from guessing or using a brute-force tool to figure out your password. Brute-force is when a tool is used to try millions of passwords until the right one is found. A strong password can take a brute-force days, weeks or years to figure out.

Don’t Use the Same Password

We know, it’s very convenient. But you should avoid using the same password on multiple platforms. If someone gets in on one of your accounts, they can get access to more (or all of them).

Imagine if a hacker gains access to your email and your social media accounts! 😱

Use A Password Manager

If you follow our advice (and conventional wisdom) and use strong passwords and different passwords for each site you’ll find that it is hard to keep track of your passwords. Consider using a password manager. 

Screenshot: LastPass

There are many good password managers such as LastPass, 1Password and Dashlane. Click here for a review of these three tools.

Use Two-Factor Authentication

Many platforms allow you to set up two-factor authentication. Also called 2FA. This is where in addition to knowing the password, you have to enter a code that is sent to your phone.

We recommend making use of 2FA on any platform that offers it. It’s a good way to keep all your accounts safe. Have a mindset of doing whatever it takes to protect your digital content and downloadable files.

Don’t Store Credit Card Information On Your Site

You should avoid storing credit card numbers and other sensitive information on your website. Don’t try to figure out accepting payments online all by yourself, find an ecommerce tool.

If you use EDD to accept payments on your website, security measures like this are all taken care of.

Watermark Preview Images

If your sell digital products that are photos or graphics (Adobe, Affinity, Canva), be sure to watermark the preview images. Watermarking is overlaying company or copyright information on your photos to prevent unauthorized use.

 

Photo: Kangaroo with watermark

Check out our article on  article on selling images to learn more. This article has information about watermarking, templates and file formats.

Conclusion

Good work! You have learned many ways to protect your digital products from unauthorized access. 

Our site is full of resources for entrepreneurs and digital creators like you! What do you want to learn about next?

Choose the EDD Pass that’s just right for you as you build your online store.

Be sure to follow us on Facebook and Twitter to learn more about WordPress and selling digital products.

Joe Wells

About Joe Wells

Joe is a Marketing Specialist at Awesome Motive. For years he’s been helping people and organizations succeed with WordPress. He is also the founder of an alternative accounting solution for your side hustle called HustleBooks (powered by Easy Digital Downloads). He and his family live and play just outside Detroit. A busy dad, he enjoys running, watching and creating films.

@thisisjoewells

Leave a Reply

Your email address will not be published.