Protect EDD files under NginX and HestiaCP

Heures Posté le Temps de lecture : 2 minutes

When using Easy Digital Downloads on Nginx, your download files are NOT automatically protected against external access. This means that anybody can download your files just pasting a file URL into their browser.

If your site is on NginX, you’ll get a notification inside your website that says something like:

The download files in [/wp-content/uploads/edd are not currently protected due to your site running on NGINX.
To protect them, you must add a redirect rule as explained in this guide.

Don’t dismiss this notice until you actually add the following redirect rule,

Some information is available here. However this is not applicable if you use HestiaCP.

Here is a small tutorial to protect your files from external access when using HestiaCP and NginX

You will need to create 2 files into your server, add some code to these files, and restart NginX.

Step 1. Generate your SSH Key

Step 2. Add your SSH Key to GridPane (also see Add default SSH Keys)

Step 3. Connect to your server by SSH as Root user (we like and use Termius)

Step 1. Create a file named edd-main-context.conf

Connect to your server by SSH as Root user, using for example ShellFish on iPad or iPhone.

We assume our WordPress install is Multisite.

Let’s begin by creating the edd-main-context.conf file, replacing “site.url” with your domain name:

nano /var/www/site.url/nginx/edd-main-context.conf

Step 2. Add this to the contents to the file

location ~ ^/wp-content/uploads/edd/(.*?).zip$ { rewrite / permanent; }

rewrite ^/wp-content/uploads/edd/(.*).zip$ / permanent;

Save the file with CTRL+O, and then Enter. Exit nano with CTRL+X.

Step 3. Check the syntax of nginx.conf and restart NginX

nginx -t

If, after entering the above command, you see a message letting you know that everything’s OK:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

You can now you can reload Nginx by running

gp ngx reload

Your Easy Digital Download files will now be protected.

Stands Blue Logo
Bruno de Stands

co-fondateur de la plateforme Stands

Vous aimerez lire aussi:

Black and Gray Digital Device

Réception de vos mails: 7 trucs pour que vos contacts veulent en savoir plus

Apprenez maintenant comment améliorer les taux d’ouvertures et de clics de vos messages, c’est-à-dire comment faire en sorte que vos abonnés et contacts lisent vos messages et veulent en savoir plus. Côté site Il y a deux “stratégies” à appliquer simultanément: 1. Enrichir le contenu des messages.  Un message plus riche, plus intéressant va inciter vos…