EDD protects the files in the wp-content/uploads/edd/ folder with a .htaccess file, but this only works if your site is running on Apache. If the site is running on NGINX, the download files will not be protected and can be downloaded by anyone.
This article shows how to add a custom redirect rule to your site configuration to protect the download files.
To properly protect your files when using NGINX, you need to register a redirect in the server config that prevents users from accessing the files directly.
Setting up a redirect with WP Engine
The rule you need to paste into the source field is:
^/wp-content/uploads/edd/(.*?)\.zip$
This rule covers ZIP files only. You will need to enter a separate rule for each other file type you are selling.
Protecting your files on Pantheon
Currently, Pantheon does not allow custom NGINX rewrite rules. So if you want to properly protect your files on Pantheon, you will need to install the Pantheon Compatibility extension and activate it on your website. This plugin will convert the standard EDD directory to work within the protected directory provided by Pantheon.
Protecting your files on EasyEngine/Nginx
If you want to protect your EDD files while using EasyEngine and NGINX, you need to locate where your server{} block lives and add the following line:
location ~ ^/wp-content/uploads/edd/(.*?)\.zip$ { rewrite ^ / permanent; }
Manually Configuring the Redirect
If you are using third-party hosting or a self-hosted VPS, then you will need to modify the redirect rules in the server config directly.
If you want to manually add the redirect to your server config, it will look like one of the following. If option 1 doesn’t work, try option 2:
Option 1:
rewrite ^/wp-content/uploads/edd/(.*)\.zip$ / permanent;
Option 2:
rewrite ^/wp-content/uploads/edd/(.*)/(.*)\.zip$ / permanent;
Depending on your hosting provider, you may have the provider implement this for you.
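As an added example (not part of the original article or EDD's own code), the Python check below runs the rewrite patterns shown on this page over a list of URL paths and reports which files under wp-content/uploads/edd/ no rule covers. The sample paths are constructed, the function names are this example's own, and Python's re module stands in for NGINX's case-sensitive regex matching.

```python
import re
from pathlib import PurePosixPath

# Rewrite patterns copied from the page (WP Engine source, Option 1, Option 2).
PAGE_RULES = [
    r"^/wp-content/uploads/edd/(.*?)\.zip$",
    r"^/wp-content/uploads/edd/(.*)\.zip$",
    r"^/wp-content/uploads/edd/(.*)/(.*)\.zip$",
]
EDD_PREFIX = "/wp-content/uploads/edd/"


def uncovered_paths(url_paths, rules=PAGE_RULES):
    """Return the EDD upload paths that no rule matches, i.e. still served directly."""
    compiled = [re.compile(r) for r in rules]  # case-sensitive, like an NGINX rewrite regex
    missed = []
    for path in url_paths:
        if not path.startswith(EDD_PREFIX):
            continue  # outside the EDD folder, not in scope for these rules
        if not any(rx.search(path) for rx in compiled):
            missed.append(path)
    return missed


def missing_extensions(url_paths, rules=PAGE_RULES):
    """Summarise the uncovered paths as a sorted list of file suffixes that need a rule."""
    return sorted({PurePosixPath(p).suffix for p in uncovered_paths(url_paths, rules)})


# Constructed sample inventory (not real files).
SAMPLE = [
    "/wp-content/uploads/edd/2024/05/theme-pack.zip",
    "/wp-content/uploads/edd/plugin.zip",
    "/wp-content/uploads/edd/2024/05/ebook.pdf",
    "/wp-content/uploads/edd/2024/06/ARCHIVE.ZIP",
    "/wp-content/uploads/2024/05/logo.png",
]

if __name__ == "__main__":
    for p in uncovered_paths(SAMPLE):
        print("not covered:", p)
    print("suffixes needing a rule:", missing_extensions(SAMPLE))
```

The uppercase .ZIP file is reported because these patterns match case-sensitively, and Option 2 on its own does not match a file placed directly in the edd/ folder because it requires a subdirectory.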