Selling Files (Digital Downloads & Products) on WordPress

Are you looking to include or sell digital downloads or downloadable products as part of your membership offerings on your WordPress membership site?

ProfilePress is a powerful WordPress membership plugin that lets you offer for free or sell digital products and files like ebooks, music, and software without breaking a sweat. In addition, you’ll find adding, managing, and tracking downloadable files easier on your WordPress membership website.

This guide explains how to manage your digital files and secure their safe delivery to your members.

Setup and Configuration

Login to the WordPress dashboard of your website and go to ProfilePress > Settings > Payments > File Downloads.

Select a File Download Method from the dropdown.

  • Force Downloads – File downloads are forced and served using PHP. To ensure files are protected from direct linking, Force Downloads can be used. However, if your files are large or the server is underpowered, you may experience timeouts during download. In this case, you need to either look at your server or use the “X-Accel-Redirect/X-Sendfile” method.
  • X-Accel-Redirect/X-Sendfile – Downloads are handled by the server (Nginx, Apache, LiteSpeed, Lighttpd and Cherokee). This method requires the X-Accel-Redirect/X-Sendfile module to be installed and enabled on the server. Confirm with your web host that one of these modules is installed before using this method. It’s the most reliable method because the file is served directly to the customer and gives you the best performance. Files are also protected by an .htaccess file, making it secure.
  • Redirect (Insecure) – When users download a file, their link redirects to it. Using this method means your files will be unprotected, and whoever has the upload link will be able to access the file, even when they are not logged in.

Use the Download Limit setting to configure the number of times files can be downloaded after a successful order and the Download Expiry setting to set the number of days a generated download URL will expire.

The Access Restriction setting lets you require users to be logged in to your WordPress site before they can download their files or downloadable product.

Enable Append a unique string to filename for security if you want to ensure that your files’ security is enhanced. It’s recommended to be turned on, but it’s not required if you have correctly configured your upload directory. No filename or links will be affected when you turn it on. Only files uploaded when this setting is checked will have a unique string added to them. This setting is fully backwards-compatible and can be turned off-on at a whim without affecting any already generated file links.

Don’t forget to save your changes.

Protecting your uploads directory

By default, ProfilePress introduces a .htaccess file to protect your wp-content/uploads/ppress_uploads directory, however, doesn’t guarantee the protection of this directory since everything depends on the server’s configuration.

Using NGINX Server?

If you are using the NGINX server for your site along with X-Accel-Redirect/X-Sendfile or Force Downloads download method, you must add this configuration for better security:

# Protect ProfilePress upload folder from being accessed directly.
# You may want to change this config if you are using "X-Accel-Redirect/X-Sendfile" or "Force Downloads" method for downloadable products.
# Place this config towards the end of "server" block in NGINX configuration.
location ~* /wp-content/uploads/ppress_uploads/ {
    if ( $upstream_http_x_accel_redirect = "" ) {
        return 403;
    }
    internal;
}

And this is the configuration in case you are using Redirect only download method:

# Protect ProfilePress upload folder from being accessed directly.
# You may want to change this config if you are using "Redirect Only" method for downloadable products.
# Place this config towards the end of "server" block in NGINX configuration.
location ~* /wp-content/uploads/ppress_uploads/ {
    autoindex off;
}

Don’t hesitate to contact your host and link to this article if you do not know which web server you use.

Using Lighttpd?

When using Lighttpd as the server technology, it is necessary to ensure that your fastcgi-php.conf file is configured correctly. Otherwise, you may experience problems with file downloads.

In your fastcgi-php.conf file, ensure you have allow-x-send-file enabled, like so:

"allow-x-send-file" => "enable"

If you do not enable allow-x-send-file, you may get corrupted file downloads.

Creating Digital Products

Follow the steps below to create digital downloads or downloadable files for your customers or members.

Go to ProfilePress >> Membership Plans >> Add New to create a new membership plan or open up the edit screen of an existing one.

After specifying the plan’s name, price and subscription settings, scroll to the Downloads & Integration metabox and open the Digital Product section.

Click the Add File button, and then name the file. Enter the downloadable URL if it’s hosted elsewhere, or select the “Choose file” button to insert an existing file from your Media Library or upload a new file. Upload the file and click Insert to set up each downloadable file URL.

Enter “Download limit” (optional). Once a user hits this limit, they can no longer download the file.

Enter “Download expiry” (optional). If you define a number of days, download links expire after that.

Once you’ve completed this edit to the membership plan, save your changes.

Every membership plan includes a checkout link which you can add to your website pricing page or email your users to make payments or purchase the plans.

Managing Orders with Downloadable Files

Customers or members can always access the downloadable files or digital products included in their membership subscription on the order details page from the My Account page…

… and from the dedicated “Downloads” section on the My Account page.

As the admin of the WordPress membership site, you can view, access and download the files associated with any order by going to ProfilePress > Orders and selecting the order to view or edit.

Download Logs

You can see a report or log of all files that have been downloaded and details of the user who downloadable them when you go to ProfilePress >> Dashboard >> Download Logs.

Invoice/Order Email

We provide the {{downloads_url}} placeholder, a URL to the downloads sections on the My Account page where users or customers can access their digital products or files. You can use it as a link or a button in, for example, your order receipt template.

Conclusion

Setting up an online store can be intimidating – there’s no way around that fact. However, selling digital files is also one of the simplest ways to start with e-commerce. After all, you won’t need to worry about shipping, and you can sell each product as often as you want.