How you deliver files to customers after purchase is one of the most critical decisions in your digital store setup. Easy Digital Downloads (EDD) supports multiple download methods, each with different trade-offs for security, performance, and server compatibility. Choosing the wrong method can lead to slow downloads, broken links, or unauthorized access to your files.
This guide explains every download method available in EDD, how to configure each one, when to use Amazon S3 or Dropbox for file hosting, and how to set up download limits and expiration for maximum security.
Understanding EDD Download Methods
EDD offers three core download methods. Each controls how the file is transferred from your server to the customer’s browser.
1. Forced Download (Default)
With forced downloads, EDD uses PHP to read the file from the server and stream it to the customer’s browser. The actual file URL is never exposed, customers only see a tokenized download link that expires after use.
How it works: When a customer clicks their download link, EDD verifies the purchase, reads the file with PHP’s readfile() function, and sends it with proper headers that force the browser to download rather than display the file.
Pros:
- Most secure, file URLs are never exposed to the customer
- Works on all hosting environments
- Supports download limits and expiration
Cons:
- Uses PHP memory and execution time, can timeout on large files (100MB+)
- Slower than direct file serving for large files
- May hit PHP memory limits on shared hosting
Best for: Small to medium files (under 100MB), shared hosting, maximum security requirements.
2. Redirect
The redirect method sends the customer directly to the file URL using an HTTP redirect. The file is served by the web server (Apache/Nginx) instead of PHP, which is significantly faster for large files.
How it works: EDD verifies the purchase, then sends a 302 redirect to the actual file URL. The web server handles the file transfer directly.
Pros:
- Fast, web server handles file delivery, not PHP
- No PHP memory or timeout issues
- Works well for large files
Cons:
- Exposes the actual file URL momentarily during the redirect
- Tech-savvy users could potentially share direct file links
- Less secure than forced downloads
Best for: Large files (100MB+), VPS/dedicated servers where you control the web server configuration.
3. X-Accel-Redirect / X-Sendfile
This is the best of both worlds. The web server handles file delivery (fast), but the file URL is never exposed to the customer (secure). It requires specific web server configuration.
How it works: EDD verifies the purchase, then sends a special header (X-Accel-Redirect for Nginx, X-Sendfile for Apache) telling the web server to deliver the file. The customer never sees the file URL.
Pros:
- Fastest delivery method
- Secure, file URL is never exposed
- No PHP resource usage for file transfer
Cons:
- Requires server-level configuration (mod_xsendfile for Apache, or Nginx config)
- Not available on most shared hosting
Best for: VPS/dedicated servers with full server access, stores with high download volume or large files.
Configuring Your Download Method
- Go to Downloads > Settings > Misc in your WordPress admin.
- Find the Download Method dropdown.
- Select your preferred method: Forced, Redirect, or X-Accel-Redirect/X-Sendfile.
- Click Save Changes.
If you switch methods, test a download immediately to verify it works. Add a test product with a small file and complete a test purchase.
File Storage Options
Local Server Storage (Default)
By default, EDD stores downloadable files in your WordPress wp-content/uploads/edd/ directory. EDD adds an .htaccess file (Apache) or expects Nginx rules to prevent direct access to this directory.
Verify your protection is working by trying to access a file directly in your browser: yourdomain.com/wp-content/uploads/edd/2026/02/your-file.zip. You should get a 403 Forbidden error, not the file.
Amazon S3 Integration
For stores with large files or high download volumes, Amazon S3 offloads file storage and delivery from your web server. EDD’s Amazon S3 extension generates pre-signed, time-limited URLs for each download.
Setup steps:
- Create an S3 bucket and upload your files.
- Create an IAM user with
s3:GetObjectpermission on your bucket. - Install the EDD Amazon S3 extension.
- Enter your AWS Access Key and Secret Key in Downloads > Settings > Extensions > Amazon S3.
- When creating products, use the S3 file URL format:
s3://bucket-name/path/to/file.zip.
Benefits: Unlimited storage, global CDN delivery via CloudFront, no server load for file transfers, automatic pre-signed URLs that expire.
Dropbox Integration
EDD’s Dropbox File Store extension lets you host files on Dropbox and deliver them securely. This is simpler than S3 but less configurable.
Connect your Dropbox account in the extension settings, then select Dropbox files when creating products. EDD generates temporary download links that expire after use.
Download Limits and Expiration
Protecting your files doesn’t stop at the download method. EDD provides two additional security layers:
File Download Limit
Set the maximum number of times a customer can download their purchased files.
- Go to Downloads > Settings > Misc.
- Set the File Download Limit field (e.g., 3 or 5).
- This applies globally. To override per-product, edit the product and set a product-specific download limit.
A limit of 3-5 downloads is standard. This prevents link sharing while allowing customers to re-download if needed.
Download Link Expiration
Set how long download links remain active after purchase.
- In Downloads > Settings > Misc, find Download Link Expiration.
- Enter the number of hours (e.g., 48 for 2 days, or 0 for no expiration).
A 48-hour expiration is a good default. Customers receive their download link immediately after purchase and via email, giving them ample time to download while limiting exposure of the link.
File Access Logging
EDD logs every file download in Downloads > Reports > Logs > File Downloads. Each log entry includes:
- Customer name and email
- Product and file downloaded
- Date and time
- IP address
Review these logs periodically to spot unusual patterns, like a single customer downloading the same file dozens of times, which could indicate link sharing.
Optimizing Large File Delivery
If you sell files larger than 100MB (video courses, software, design assets), these optimizations are critical:
- Use Amazon S3 + CloudFront for files over 100MB. This eliminates PHP memory issues and provides global CDN delivery.
- Increase PHP limits if using forced downloads: set
memory_limitto 512M andmax_execution_timeto 300 in php.ini. - Switch to X-Accel-Redirect if you control your server. It’s the fastest method for large files.
- Split large products into multiple files instead of one massive archive. Smaller files are more reliable to download and easier to resume if interrupted.
- Provide checksums (MD5 or SHA256) so customers can verify file integrity after download.
Troubleshooting Common Issues
Downloads return a blank page or 0-byte file
This usually means PHP ran out of memory during a forced download. Either increase memory_limit in php.ini, switch to the Redirect method, or move files to Amazon S3.
Download links say “expired” immediately
Check your server’s timezone settings. If your server clock is wrong, links may appear expired. Also verify the Download Link Expiration setting isn’t set to 0 hours unintentionally.
Files are accessible without purchase
Your upload directory protection isn’t working. For Apache, verify the .htaccess file exists in wp-content/uploads/edd/. For Nginx, add a location block that denies access to the EDD upload directory.
Customers can’t download after purchase
Check the payment status, downloads are only available for completed payments. Also verify the file URL in the product is correct and the file exists at that location.
Frequently Asked Questions
Which download method should I use?
For most stores: Forced Download (default). It’s the most secure and works everywhere. Switch to X-Accel-Redirect if you have VPS access and need better performance. Use Redirect only if forced downloads cause timeout issues and you can’t use X-Accel.
Do I need Amazon S3?
Not for small stores with files under 50MB. S3 becomes valuable when you sell large files, have high download volume, or want CDN delivery for global customers.
Can customers share their download links?
With proper configuration (forced downloads + download limits + link expiration), shared links will either expire or hit the download limit. No system is 100% piracy-proof, but these measures make casual sharing impractical.