The simple download monitor plugin has an option that you can use to keep the download URL of the file hidden. This can be useful if you are offering some password protected file downloads and you want to keep the actual URL of those files hidden.
First, Quickly Install the Free Plugin (if you don’t have it)
You can install the plugin using the following steps:
- Download the Simple Download Monitor Plugin from the plugin page of the WordPress repository.
- In the WordPress Dashboard menu, select Plugins, then click Add New.
- Search for “Simple Download Monitor” and locate the Simple Download Monitor Plugin in the list of results.
- Click the Install Now link, then Activate it.
Configure a New Download Item
Step 1) Click Downloads, then Add New from the left-hand menu.
Step 2) Configure the download item as usual.
Step 3) Check the “PHP Dispatch” option. See screenshot below:
Step 4) Optionally, set a password for the download (if you want to apply password protection to this download).
Step 5) Embed this download item on any post or page using the standard SDM plugin shortcode.
When your users download this item, the actual file URL of the item will now be hidden.
Enabling PHP Dispatching To All New Downloads
You can go to the settings menu of the plugin and check the “PHP Dispatching” option if you want this option to be enabled by default for all new download items that you configure.
Note
If you are using a very large file on a cheap shared hosting with low RAM memory limit then this option may not work correctly. Read our WordPress hosting recommendation guide to learn more on this.
No matter the download solution you choose (with PHP dispatching), if the real location of the files cannot be moved outside the public web space, you can still protect it from direct access by putting a .htaccess file in there containing something like this:
Options -Indexes
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 ::1 localhost
This way the location will be accessible only via the plugin. It works for me.
@David, SDM doesn’t have an option for that at the moment.
You may want to look at our WP eStore plugin for that. eStore has a feature for doing that (you can create download now buttons that are outside the public_html directory):
https://www.tipsandtricks-hq.com/wordpress-estore-plugin-complete-solution-to-sell-digital-products-from-your-wordpress-blog-securely-1059
Is there any way to configure SDM files so that they do not have a publicly accessible URL? I.E. They are accessible from the file system (and presumably your PHP plugin), but are in a folder outside of public_html? This would be much more secure than merely hiding the URL.