The Enhanced File Protection Feature in the Simple Download Monitor plugin is a powerful tool to add an extra layer of security to your downloadable files. When this feature is enabled, the plugin automatically creates a special folder named “sdm-downloads” within your website’s uploads directory. All new files you upload for download items will be stored in this protected folder.
This folder is secured using an .htaccess file for Apache servers and appropriate configuration adjustments for Nginx servers. This security measure prevents direct access to the files via the browser, ensuring that visitors cannot download the files by accessing the folder URL directly. Your downloadable content remains secure, accessible only through authorized means provided by the plugin.
Table of Contents
- Important Notes About This Feature
- How to Enable the Enhanced File Protection Feature
- Server Configuration Requirements
- Verifying the Enhanced File Protection
- Configuring Downloads with Enhanced File Protection
- Handling Image Files in the Protected Folder
Important Notes About This Feature
Please review the following notes before enabling the Enhanced File Protection feature.
Server Environment Limitations
- This feature may not work in certain server environments. Please test it by configuring a new download to ensure compatibility with your site. We will gather feedback over time to improve its compatibility across more server setups.
Existing Download Items
- All existing downloads with their current files will continue to be managed using the standard process. Only new files uploaded after enabling the Enhanced File Protection feature will be handled through the new process. This ensures backward compatibility, keeping all your existing downloads functioning as before.
Existing Files
- Files uploaded before enabling the Enhanced File Protection will not be automatically moved to the protected folder.
- To protect these files, either re-upload them using the plugin or manually move them to the sdm-downloads folder, then update the download URL within each download item’s configuration.
Disabling Enhanced File Protection After Setting Up Protected Downloads
- Files uploaded to the protected folder can only be downloaded using the Enhanced File Protection method. If you configure protected downloads and then disable the feature, existing protected files will still be managed through this method. However, any new uploads after disabling the feature will not be added to the protected folder.
How to Enable the Enhanced File Protection Feature
Follow the steps below to activate the Enhanced File Protection feature in the Simple Download Monitor plugin:
Step 1: Access the Plugin Settings
- Log in to your WordPress admin dashboard.
- Navigate to Settings > Simple Download Monitor.
Step 2: Enable File Protection
- Click on the Enhanced File Protection tab within the plugin settings.
- Check the box labeled Enable File Protection to activate the feature.
Step 3: Save Your Changes
- Scroll down and click the Save Changes button to apply the new settings.
Server Configuration Requirements
Depending on your server type, additional configuration may be necessary to ensure the Enhanced File Protection feature works correctly.
For Apache or LiteSpeed Servers
- No additional action is required.
- The plugin automatically creates an .htaccess file in the sdm-downloads folder to prevent direct access to your files.
For Nginx Servers
- Manual configuration is required.
- The plugin will display a notice indicating that you need to update your Nginx server configuration.
How to Update Nginx Configuration
1) Access Your Nginx Virtual Host Configuration File: Locate the virtual host configuration file for your WordPress site (usually found in /etc/nginx/sites-available/). Your hosting provider can confirm the exact location of this file for you.
2) Add the Following Directive: Insert the following code snippet into your server block:
location ~ ^/wp-content/uploads/sdm-uploads/ {
deny all;
}
3) Save and Close the Configuration File: Ensure all changes are saved properly.
4) Reload Nginx: Apply the new configuration by reloading Nginx:
sudo nginx -s reload
Verifying the Enhanced File Protection
After enabling the feature and updating your server configuration (if necessary), it’s important to verify that your files are properly protected.
- Test Direct Access
- Try to access a file directly within the sdm-downloads folder via a web browser.
- You should receive an error, indicating that direct access is denied.
- Test Download Links
- Use the download links provided by the Simple Download Monitor plugin on your website.
- Confirm that users can still download files through these links without any issues.
Configuring Downloads with Enhanced File Protection
Once this feature is enabled and the required setup is complete, you can begin configuring new download items to be protected by the Enhanced File Protection feature.
When creating a new download item (or editing an existing one), you can upload the file to the “Downloadable File” field directly from your device. The file will then be stored in the protected “sdm-uploads” folder. When users click the download button for this item, the file will be served through a secure process, ensuring it can only be accessed via the plugin’s download system.
Handling Image Files in the Protected Folder
When image files are uploaded to the protected folder, the media library will not be able to generate a thumbnail preview for them. To address this, our plugin replaces the thumbnail preview for image files with a generic thumbnail, as shown below, for any image files uploaded to the protected folder.
