While there is no perfect method to prevent product theft, there are a number of things you can do to help minimize it from simple, common sense techniques to more advanced, technicial methods using htaccess.
Make the download page difficult to findPlace your product in an obscurely named folder and avoid using the product name itself as either the folder name or the file name. Something like yoursite.com/85478dep/iisile458.html is better than yoursite.com/downloads/thankyou.html
Make Your Policies Clear To Your CustomersMake sure that your customers understand what their rights are and what your policies are regarding your product. It is best to have this information clearly stated on your product download page. We notice that many copywriters place such notifications within the product itself in either the EULA or directly in the ebook if it is that type of product.
Unfortunately, many products are passed around to friends and family before your product is actually accessed by the paying customer. This is especially true for ebooks and is something that may be deterred by making it clear before they download your product.
Appearance Is ImportantIs your download page professional looking or does it look like it was thrown together at the last minute with nothing but a downlink link. Do you have contact information available so that your customer may contact you if they have a problem accessing the file?
If it looks like your don't care about your product then your customer may not take your policies serious. By having a tidy looking download page with full contact information and a detailed policy statement you portray a professional company image, one that takes their policies seriously.
You can increase your professional image by displaying your customers IP address along with a timestamp near your copyright policies. This lets them know that their download activities are being logged.
If your pages end in .php and your host supports php, this is easily accomplished by adding the following lines of code...
If your page ends in .html and can not be changed for whatever reason, you may add the following code to your .htaccess file in your download directory to force your server to parse the page as if it were .php
AddType application/x-httpd-php .php .html
You can modify your time stamp by changing the "echo date" code. You can find more information on the php date format here.
You can make this look even more professional by displaying this information in an image, you can find the code to do that here.
Using the robots.txt fileMany advise to place a disallow in your robots.txt file like so...
User-agent: *Disallow: /downloads
We feel this is not the best method because you are in a sense advertising where your downloads are stored and bad bots will disregard this file anyway. Instead we suggest that you add something similar to this instead.
User-agent: *Disallow: /*.zip$Disallow: /*.pdf$
Note that Googlebot does obey this statement but not all bots recognize this and other steps should also be taken. More information on the robots.txt file can be found here.
Use Meta Tags On Your Product Download PagesAgain, as with the robots.txt file, this will not protect from the bad bots but is better to have in place than not. Place the following code on your download page between the and tags.
Confirm Your Product Page Has Not Already Been IndexedDo a search on Google for a list of pages already indexed by searching with the following search term...
site:yourdomain.com
If you find that your download page or product has already been indexed, you can use the Google Automated URL Removal System to have it removed. You must first add the Meta Tag above to the page before using this tool. More information can be found on Googles site here.
Restrict Access Through Your HtaccessThrough the use of .htaccess on Unix servers you are able to moderate access to directories or even certain files. There are numerious techniques and variables available when utilizing these directives, so many that it is outside the scope of this particular page to try and fully explain them all so here we will provide you with a short example and you can find more information here.
Adding the following to your .htaccess file in your download folder ...
Order Deny,AllowDeny from allAllow from yourdomain.comAllow from yourpaymentprocesser.com
... will only allow users who have been referred either directly from your website or from your payment processors website to access any documents in that folder. If unsure of your payment processors referring domain you should contact them directly for clarification as sometimes it may be different that what you think. You also have the ability to allow or deny access by referring IP as well as country if you choose. Be sure and test before going live with this method by making a few test purchases.
You could add to this by directing disallowed referrers to either your sales page or a support page where someone could contact you if they felt they were denied access by mistake.
Use A Professional Download ManagerThere are several products on the market that can help manage your digital downloads and assign a unique download url with each purchase. The better ones can even assign temporary passwords that expire after a predetermined amount of time.