How to Protect Your WooCommerce Digital Products

WooCommerce offers a quick and easy way to sell digital products online. You don’t need to care about shipping and inventory anymore. However, digital piracy becomes a constant threat that you have to deal with. You’ve gotta to protect your file download links otherwise it will be extremely easy for others to steal your digital products – be it music, software or ebook files. In this article, we are about to give you a simple step-by-step process of how you can protect your WooCommerce digital products from piracy.

WooCommerce File Download Methods

There are 3 file download methods provided by WooCommerce, namely “Force Download”, “X-Accel-Redirect/X-Sendfile” and “Redirect only”. Among them, “X-Accel-Redirect/X-Sendfile” is the most reliable method as your files are not only served directly to your customers but also protected by a .htaccess file, making it really secureHowever, this method requires your server to support and enable “X-Accel-Redirect/X-Sendfile” module. Unfortunately, most shared hosting providers don’t.

Using “Force Download” is another safe option to protect your downloadable files but it comes with another drawback too. Your customers won’t be able to download if your files are too bigMany users experience timeouts during download when the file size is 16MB and above.

The last, least secure yet common option left is “Redirect only”. This method redirects users to the actual file location so it works no matter how big your files are. The biggest drawback is that users can see your file download link (URL). Anyone with the link could simply access and download your valuable files.

WooCommerce Issues & Solutions

Currently, there are a few problems with WooCommerce digital product files. Among them, the biggest loophole happens with guest purchases who can just share their order URL with anyone after purchase.

That’s when our Prevent Direct Access Gold WordPress plugin comes into handy. Rather than providing the original – publicly accessible file URL to your customers, you protect them with our plugin and use their protected URL on your WooCommerce product instead.

Prevent Direct Access Gold Solutions

Both solutions block Google and other search engines from indexing your WooCommerce product files. In other words, they won’t be able to find your product files on search results anymore.

  1. Using Private Links
  2. Using Protected Links with File Access Permission
    1. Grant Acccess to Users Who Made the Purchase

#1 Using Private URLs

This method prevents direct access to your WooCommerce product files (URL). It doesn’t require users to log in to download the files, and so, is best suitable when you allow guest purchases.

Step 1: Enable the “Force Downloads” option under the PDA Gold setting page.

Step 2: Protect your product files under Media library

  • Set its File Access Permission to “admins”
  • Create a private URL for each file (without any download limit and expiry)

Step 3: Copy that private URL and put it on “File URL” field on your WooCommerce product instead of its original URL

Please note that you might need to choose the “Redirect only” option under your WooCommerce settings page for our plugin’s function to work properly.

#2 Using Protected URLs with Proper File Access Permission

This method forces users to log into your website before they can download your product files. It means users cannot share your downloadable file links with others.

Here are the 3 simple steps:

Step 1: Change WooCommerce “File download method” to “Redirect Only” Under WooCommerce > Settings > Products > Downloadable products

Step 2: Protect your file and set its File Access Permission to your customer role, together with admins.

Step 3: Under your WooCommerce product, click on “Choose file” and select your protected file.
Please note that once protected, the file URL is automatically updated with “_pda” on the slug. You don’t have to do anything else.

Here you go. Now everything will be working as usual just that your customers will have to log in to download your digital product. In other words, they cannot share the download URL with others as before. Your downloadable files are now much more secure!

Grant Protected Files Access to Users Who Made the Purchase

By default, all users who logged in to your site with correct permission can access your digital files.

To grant protected file access to users who made orders only, simply add the following code snippet to your (child) theme’s functions.php file or Code Snippets plugin.

   function ( $allowed, $attachment_id ) {

      if ( $allowed ) {
         return $allowed;

      if ( ! function_exists( 'wc_get_orders' ) ) {
         return $allowed;

      if ( ! is_user_logged_in() ) {
         return $allowed;

      $customer_orders = wc_get_orders( $args = array(
         'limit'       => - 1,
         'customer_id' => get_current_user_id(), // The current user id
         'status'      => array_keys( wc_get_order_statuses() ),

      ) );


      if ( empty( $customer_orders ) ) {
         return $allowed;

      $download_urls = [];

      // Loop through customer orders
      foreach ( $customer_orders as $order ) {

         if ( ! $order->has_downloadable_item() || ! $order->is_paid() || ! $order->is_download_permitted() ) {

         foreach ( $order->get_items() as $item ) {

            // Get the downloadbles files (array):
            $downloads = $item->get_item_downloads();

            if ( empty( $downloads ) ) {



            foreach ( $downloads as $download_id => $download ) {

               $download_urls[] = $download['file'];



      $file_url        = wp_get_attachment_url( $attachment_id );
      $file_url_parsed = wp_parse_url( $file_url );
      $file_path       = $file_url_parsed['path'];

      foreach ( $download_urls as $download_url ) {

         $download_url_parsed = wp_parse_url( $download_url );
         $download_path       = $download_url_parsed['path'];

         if ( $download_path === $file_path ) {

            return true;



      return $allowed;

   }, 100, 2


Other Possible Solutions

You may want to take a look at our Shared Private Links which help you track different users’ download limit and expiry just by one link.

Alternatively, protect and offload your product files to Amazon S3; then serve the file download with Amazon S3 signed URLs to protect your digital products. This method is more scalable providing faster download speed and better user experience to your customers.

Lasted updated on August 5, 2022