When it comes to your website, there are times where only a certain user should have access to download a certain file or files available only to them. For protecting file downloads in these situations, a file called .htaccess on Apache servers or a config file on Nginx servers is the most common method.

In the case of LearnDash, we store certain files inside of the /wp-content/uploads/learndash directory on your web server that users of your site may need to access from time to time.

.htaccess ( Apache )

The most common web hosting server engine nowadays, an .htaccess file is placed in the directory of files you want to protect. To protect files from being downloaded or accessed directly from the directory, you create an .htaccess file in that directory and place the following code inside of it

Order Allow, Deny
Deny from all


For a full overview of .htaccess and all of the features it can provide, please see the official documentation at https://httpd.apache.org/docs/2.4/howto/htaccess.html

Nginx Config ( Nginx )

If you are running an Nginx server for your hosting, you’ll want to add the following to your config file for the directory you want to protect

deny all;
return 403;

Nginx is a bit different in that access is controlled from a single config file instead of multiple files in different directories like with .htaccess

If you are wanting to protect files inside of the directory where we upload our exported files from our Import/Export feature, you would use the following

location "/wp-content/uploads/learndash/export" {
deny all;
return 403;
}

For a full overview of the Nginx config file and all of the features it can provide, please see the official documentation at https://www.nginx.com/resources/wiki/start/topics/examples/full/