prevent .htaccess file to be created in WooCommerce Uploads folder

Hello @svadr!

Yes, every time you update/activate the WooCommerce plugin, the .htaccess file will be automatically created in the ‘Woocommerce_Uploads’ folder (on the Apache servers). So, this is expected behavior. However, this file is generated and updated according to the preferences set in the “WooCommerce > Settings > Products > Downloadable products” section and there is no need to manually delete it.

1. If you have “File download method” set to “Redirect only (Insecure)”; in addition to the secure links (mentioned below), your downloadable files will also become available via the direct file URLs, i.e. in the format: https://example.site/wp-content/uploads/woocommerce_uploads/2022/10/filename.pdf
This means that anyone with this link can access and download your file(s); so this is an insecure link. Your ‘Woocommerce_Uploads’ directory won’t have any access restrictions, WooCommerce itself will make the necessary changes in the .htaccess file to ensure this.

2. But, if you set this option to “Force downloads”; your ‘Woocommerce_Uploads’ directory will be locked (using the .htaccess rules automatically created by WooCommerce), and the downloadable files will be served via auto-generated URL(s).
Path format of such files would be something like: https://example.site/?download_file=%5BID%5D&order=wc_order_EIhqnfCFqnyes&uid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&key=xxx-xxx-xxx-xxx-xxxxxxx
If ‘force downloads’ is enabled, direct file URLs will return a ‘403 forbidden’ error.

3. So, if you want your files to be accessible via their direct links, **”File download method”** should be set to “Redirect only (Insecure)”. Also, there is no need to delete .htaccess file; this should be automatically handled.

Please make sure that your settings are saved accordingly; if you still face problems, please paste your site’s status report back here so we can take a closer look.

Also, paste here a screenshot of your “WooCommerce > Settings > Products > Downloadable products” page. Make sure that you blur/cut the portions with sensitive information; we only need to check your settings.

Best!

Thank you so much for your extensive answer with all good-to-know information!
I have now changed the settings to “Redirect only (Insecure). However, the last part (insecure) sounded a bit scary.
But I have made a test purchase and I was able to download the product. But it will be more interesting to see how it works next time a .htaccess files has been created in the woocommerce_upload folder.

How do I attach a file with a screenshot of my preferences?

Kind regards
Svante

Hi again,

My apologies, I should have asked for the screenshot URL instead. There isn’t a way to attach screenshots on this forum. You can upload your screenshot at any image hosting site or cloud drive and paste the public file URL here.

However, as you are no longer facing the problem and as you’ve also mentioned the change that you made in your settings, the screenshot isn’t required.

Lastly, changing the “File download method” setting also recreates the .htaccess file in the ‘woocommerce_uploads’ folder. So, the .htaccess file should already be there as you changed this setting. Feel free to check this at your end.

As the file paths are now working, this means that the misconfiguration has been fixed.

But, do let us know if you find any problems.

Best!

You are right, a new htaccess file has been created in the folder and the download and permissions still works as expected.
With that I think we can close this ticket and I thank you for all your help and guidance in this subject.