Defend Your Thank You Folders From URL Guessers By Robert PlankIf you sell downloadable products, you're going to have a thank you page (a URL where buyer is redirected after a sale). With just a couple lines of HTACCESS code you can make that folder airtight.
You shouldn't be putting a buyer through a mandatory signup process to download product. They already paid, just give them file right away and offer a chance to opt-in for updates later. Otherwise you'll be getting lots of support e-mails from people asking where product is they just paid for.
It's always smart to name your thank you page something with a number -- a name like postorder735.html or thank-you-9987.html will do. You just want to make this impossible to guess.
When it's possible I like to separate sales page from download, so I stash them in a folder called something like "download" or "order." Problem: If you have these separate folders, these URL guessers can see contents of them.
The obvious solution is to put an index.html in folder, which keeps its contents from being listed... but what if you have, say, 25 of these folders? Do you need 25 index.html files?
No, and that's where HTACCESS comes in. Open up a new text file in Notepad and put this text in exactly:
Options -Indexes
Then save file as: .htaccess (WITH that dot in front)