Nginx Folder Protection Issue

OptimizeCheckouts adds an .htaccess file to it’s protected directory to prevent public access. However, NGINX does not support .htaccess files. This means that you will need to update your NGINX server configuration to prevent public access to files in that directory.

What follows is an example of what you might add to your NGINX configuration, however we highly recommend contacting your web hosting company for assistance with making this change as each hosting environment is different.

location /wp-content/uploads/optimizecheckouts {
deny all;
return 403;
}

For Sites Hosted on Siteground.com (accounts that do NOT use cPanel).

Siteground has a custom server configuration that is not actually a true NGINX setup, but one of their cache settings called
“NGINX Direct Delivery” will serve cached files directly through NGINX.

The code above will NOT work on Siteground. 

To solve the download folder protection on Siteground, we were advised by Siteground Support to disable the NGINX Direct Delivery option with the following steps:

  • When you are logged into your Siteground Account, you’ll need to click on Site Tools.
  • Then go to “Speed > Caching”
  • Then click on “NGINX Direct Delivery” at the top, and turn off the service for the sites that you want to use the downloads folder.
  • Note: You will need to purge the cache on your site in order for this change to take effect.

For Sites Hosted on Apache Servers

If your website is hosted on Apache server and you are still seeing this error, you can edit the .htaccess file of your site directly. You may add the following code after the “End WordPress” line and this will work. Please take a backup of your .htaccess file prior to making edits.

<Files>
Order allow,deny
Deny from all
</Files>

If you have complex set of htaccess rules and experience an error after adding this code, then please remove it and contact your hosting support for further help.

Our team are happy to try to assist, however please note that in some cases, web hosts may block editing some settings.

What if I don’t use Downloads with my products?

It should also be pointed out that this folder is ONLY used if you are adding downloads to your checkout products through the “Included Files” area like you see here:

If you are not using the “Included Files” on any products, then you need not concern yourself with fixing this issue as you may process orders on your site without any security issues and can safely ignore this issue.

Updated on April 26, 2023

Was this article helpful?

Related Articles

Need Support?
Can't find the answer you're looking for? Don't worry we're here to help!
Contact Support