When it comes to your website, there are times where only a certain user should have access to download a certain file or files available only to them. For protecting file downloads in these situations, a file called .htaccess on Apache servers or a config file on Nginx servers is the most common method.
In the case of LearnDash, we store certain files inside of the /wp-content/uploads/learndash directory on your web server that users of your site may need to access from time to time.
.htaccess ( Apache )
The most common web hosting server engine nowadays, an .htaccess file is placed in the directory of files you want to protect. To protect files from being downloaded or accessed directly from the directory, you create an .htaccess file in that directory and place the following code inside of it
Order Allow, Deny
Deny from all
For a full overview of .htaccess and all of the features it can provide, please see the official documentation at https://httpd.apache.org/docs/2.4/howto/htaccess.html
Nginx Config ( Nginx )
If you are running an Nginx server for your hosting, you’ll want to add the following to your config file for the directory you want to protect
deny all;
return 403;
Nginx is a bit different in that access is controlled from a single config file instead of multiple files in different directories like with .htaccess
If you are wanting to protect files inside of the directory where we upload our exported files from our Import/Export feature, you would use the following
location "/wp-content/uploads/learndash/export" {
deny all;
return 403;
}
For a full overview of the Nginx config file and all of the features it can provide, please see the official documentation at https://www.nginx.com/resources/wiki/start/topics/examples/full/