How to password-protect your downloads
  Last Edited - 06/17/2014 2:55pm PDT
  Category Path - Shopping Cart Software Components > Administration Area > Modules > Digital Delivery > FAQs & Tutorials
I don't want unauthorized access to the downloads I sell - just in case someone figures out where they are hosted. Can I password protect the directory that contains my downloads? Will the store's digital delivery system still be able to access the downloads if they're in a password protected directory?

Yes, Modular Merchant's Digital Delivery system is compatible with distributing files located in a password protected directory. Doing this has two parts:

First: Password protect the directory that contains the files you are selling.
Second: Update the URLs of your store's digital objects to include the password information.

Below is a tutorial on both of these parts. To take advantage of this feature, follow these steps:

Step 1: Password protect the directory that houses your downloads

The first step, of course, is to add password protection to the directory containing the download files that your customers purchase. Password protecting the directory prevents unauthorized access.

If a directory containing your downloads isn't password protected, then someone who discovers the URL (web address) of the directory containing your downloads could potentially view — and download — all of the files in that directory simply by viewing its URL in a web browser.

However, if the directory containing your downloads is password protected, then entering the URL of the directory containing your downloads would result in a popup window requesting a user name and password instead. Without the knowledge of this user name and password, the files contained in the directory cannot be viewed.

The method used to password protect a directory will vary from server to server. However, for clients who have their the directory they want to protect hosted with Modular Merchant, the directory can be password protected from within their Plesk control panel. Here's how:

1. Log in to your Plesk control panel.

  • The login information can be found through [Hosting > Connection Information].
  • A link to the control panel is available through [Hosting > Hosting Control Panel].

2. Within Plesk, click Domains on the left.
3. Select the domain you are working with.
4. Under Files, select Password Protected Directories.

5. Click Add Protected Directory.
  • Enter the Directory name. If the directory doesn't already exist on your site at this location, one will be created.
  • For the Directory location, be sure that Non-SSL and SSL are selected.
  • The header text is optional.
  • Click OK.

6. Click Add a New User.
  • Enter a user name for the New User field.
  • Enter a password in the New password field.
  • Enter it again in the Confirm password field.
  • Click OK.

The directory has now been password protected, and a user has been created to access it with. When going to a file held in that directory in a web browser (Firefox, Chrome, IE, etc.), the user will be prompted to enter a user name and password.

This will not affect FTP connections to the directory on your site; only access via web browser.


protecting directories not hosted with modular merchant
For website directories hosted remotely, it's recommended that they be password protected using a .htaccess file. Contact your server provider for instructions on how to set up and install a .htaccess file on their server.
Step 2: Update the URLs of your store's Digital Objects

Now that the directory containing your store's digital objects is protected, the URLs of those files will need to be updated to include the user name and password required to access the directory.

The user name and password will be appended to the URLs of the digital objects themselves. When the customer downloads a file they have purchased from within your store's download area, the system will extract the user name and password out of the Download File's URL and use it to access the protected directory.

rest assured
All of this is done behind the scenes, transparent to the customer. The user name and password will not be displayed.

1. Locate the Digital Delivery module, through [Modules > Digital Delivery].

2. On the Digital Delivery Module's Home Page, locate the option titled Search & Replace Digital Object URLS. This tool can be used to add the user name and password to a batch of digital objects all at once, so that you won't need to manually update all your files' URLs one-at-a-time.

3. Simply enter a portion of the original URL in the field for option 1, and a version of what that URL will be changed into in the field for option 2.

When adding a protected directory's user name and password to a file's URL, the user name and password must be inserted immediately after "http://", with a colon in-between and an "@" symbol after.

The user name I'm using is "dudley" and the password is "qR4473e". In this example, the URL:
--would be changed to--

4. After completing fields both fields, click Search & Replace to make your changes.

The system will scan all of the URLs in your digital objects database table, and change any instances of the text entered into option 1 with that entered into option 2. If the text only matches a portion of the URL, the portion of text that matches will still be changed.

The steps above will allow you to add password protection to one or more directories on your website. Once protected, a user name and password will be required to view or otherwise access any webpages or files contained within the directory. Then, the Search & Replace Digital Object URLs tool available in your Modular Merchant store's administration area can be used to update the links to the downloads you sell to the protected version.

for the bandwidth conscious
Please note, that the secure method for accessing and distributing files from within a password protected directory requires more bandwidth usage. This is because files housed within a password protected directory must be accessed and distributed in a different way by the Digital Delivery system in order to remain secure.
Powered by ModularKB