How To Secure Download Links And Pages

By
Posted In: General Chat 

Hello everyone, I have created this weeks newsletter from an article I wrote some time ago. I get a lot of questions about digital downloads and the best way to protect them. In the article I show you ways to  protect your download links without using a delivery script.

In the digital age more and more people have taken to selling digital products such as software, pictures, music files and eBooks over the Internet. Many of these people sell such products on their own website, once a customer has purchased the product they will be given a download link so they can download their purchase.

What a lot of these sellers don’t realise is that a lot of potential customers are downloading the product free of charge either through un-encrypted download links or insecure download directories. If you are selling digital products then I would strongly suggest that you read this article and make sure that your site is secure!

The first lesson I will show you is how to protect your download directories. Download directories are where you store your files that the customer will download after purchase, so if you were selling e-books your storage location may look like:

www.yoursite.com/e-books

If someone were to type that URL into their web browser chances are they would see a “tree view” structure of your folder. In short they would have access to all files within that folder without having to pay you a single penny!

To stop this you can create a page called “index.html” and upload it to the “e-books” folder. This means that now when someone tries to access the folder, they wont see the contents of your directory, they will see the index page you have just uploaded.

So now you have protected your file storage directory what else can you do? Well there are still a lot more tasks you can undertake to protect your files.

Zipping your files has now become more important than ever and should be used with all of your files. Google and many other search engines now crawl pdf files, word documents and other none HTML files, these are NOT SAFE! Many e-book sellers store their downloads as PDF documents.

While this may not be a problem for those adding content to their sites in the form of PDF newsletters and reports, it also means that you must never store a product you want to SELL as a PDF file (unless it is in a password-protected folder).

It gets worse. Google not only reads PDF files but converts them to HTML so that your e-book can not only be downloaded but they can get the source as well!

Now human nature being what it is means the chances are that person will now customise your e-book with their own links, compile it and sell it or give it away.

A simple way of keeping your files out of the reach of spiders is to upload them as a zip file. Search engines cannot look inside zip files (yet) and list their contents. By using zip files you can add further security by making them password protected and emailing the password separately.

A further method to protect your directories would be to protect them with a password. Many web hosting companies will offer you the ability to password protect a directory. Using password protection can limit the amount of access users have to your site. You can specify a user name and password for the directory you are protecting. Each protected directory can have multiple users (each with different passwords if you prefer) who have access to it. Additionally, the Protect Directories option can be used to remove a user’s access from a protected directory.

Even with all of these safety procedures in place, there is still no guarantee that your files wont be stolen. No matter how secure you are there are always people out there that try to find “back doors” to your links. The only 100% secure way to protect your files is to store them in a folder above your public_html or www_docs directory and then have a script send out an encrypted, expiring download link to your customer straight after payment. This is the method that I use with great success.

If you have any different methods or suggestions then please feel free to leave a comment. I would also love to hear any horror stories you may have!

Thanks for reading,
Regards,
Dan

 P.S. You may notice that I have also added a “Humour” section to this site. If you fancy a laugh then click on the “Humour” link to your left 🙂




Receive Free Email Updates When A New Entry Is Posted. Join Them!

Comments

4 Responses to “How To Secure Download Links And Pages”
  1. Anna Nicole says:

    Where do you stand on using PayPal encyption to protect, say, your download or thank you page from being read in the source code? Any good?

  2. Dan (el_passo) says:

    Hi Anna,
    If using Paypal as a payment processor then yes, encrypting the button is a great way to secure your download page.

  3. Debbie says:

    Your article was very informative. I protect my website as in the way you said. adding another folder where intruders can not find downloads.

  4. adada says:

    “Search engines cannot look inside zip files”

    .:WRONG:.