Get Adobe Flash player


Search this site for:

Related Links

Valid XHTML 1.0 Transitional

Valid CSS!

How to Prevent Theft of Your Ebooks - Part 2: Stop Illegal Downloads

If you sell downloadable products (via ClickBank, PayPal, etc.), you need to be sure that no-one can access those products unless they've paid for them.
It's no secret that there are many people out there who will try to get to your download pages without paying for your product or, worse again, will make your download links available for free to others.

So what can you do to prevent this from happening?

Here are a few tips that won't provide 100% protection, but will ensure that the majority of users will not be able to easily access and steal your products.


If you name your download page something like 'thankyou.html' or 'download.html' then it's a pretty simple process for the average hacker to locate your page and download your product. Give your download pages a complicated name that is neither easy to guess, easy to remember nor easy to recognize.


In keeping with point number 1, this is just a question of making it more difficult for the average hacker to find your download pages.

Let's say you're selling an ebook called "How to Make Your Hamster Happy". Now, let's say you're selling it at this URL:

In this example, your sales page is contained in the directory called 'happyhamster'.

Now, rather than store your download page in this same directory, you can make life more difficult for the hacker by creating sub-directories (or 'nested' directories) for your download page.

Just create a sub-directory inside 'happyhamster' called, for example, 'srB45n' and another directory inside that one called 'trd12s' (or whatever) and then place your download page inside this directory. In this scenario, your download page would be contained at this, more hidden, address: rd12s

Another approach is to place your download page directory in a separate place altogether on your server - thus making it even more difficult for a hacker to track it down.


If you don't have a page called 'index.htm' in the directory that contains your download page, then your host server will display a page listing the contents of that directory.

Here's an example of a directory that doesn't have an 'index.htm' page: As you can see, the contents of the directory are there for all to see (and download).

Your 'index' page can be a regular page from your site or you can make it re-direct the visitor somewhere else. You can see this idea in action by visiting As you can see, when you try to access that directory, you're immediately re-directed to the home page.

To create your own re-direct page, simply paste the following HTML code into Windows Notepad (or your web-editing software) and save it as 'index.htm' or 'index.html'. Now upload it to the folder you wish to protect.

<.meta HTTP-EQUIV="refresh"
<.meta name="robots" content="noindex">

NOTE: I've placed dots (.) after the "<" in all the lines above. This is to ensure that the code shows up properly here. When using this on your web page, remove those dots. NOTE: Be sure to replace the URL with the address you want to re-direct the visitor to.


It's amazing how many download pages you'll find via the search engines if you put your mind to it. In fact, one search I just ran on Google turned up two download pages on the first page of results (albeit both from the same website).

To get around this, you need to ensure that the search engines do not include your download pages in their index.

To do this, just place the following snippet of code between the <.head> and <./head> tags at the top of your download page's HTML...(again, remove the dot)

<.meta name="robots" content="nofollow,noindex">


PayPal is a great service but it has a gaping security hole that affects anyone selling downloadable products.

When you sell via PayPal, even the most amateur of hackers can find out the location of your download page just by looking at the HTML code on your sales page.

One way around this is to use HTML encryption software to render the HTML of your sales page un-readable. While this will stop the majority of hackers, the more determined ones will probably be able to crack the code.

Another approach is to use specialized software like 'PayLock Generator' ( which creates highly encrypted PayPal order buttons that are very difficult to crack.


This one is pretty self-explanatory. If you've followed the steps outlined above, then you've gone some way towards protecting your digital products. It's not 100% protection, however, which is why I recommend changing your download links regularly. This will help ensure that, if someone does manage to access your products, and has been leaving your download links on forums or whatever, then you'll be able to cut them off.


If someone is giving your ebook away for free, it's not a given that everyone who downloads it will be as dishonest as the one giving it away. It's a good idea to place a prominent statement inside your ebook explaining that it's not a free ebook. Ask readers to contact you if they received the ebook for free explaining where they downloaded it. You might consider offering a small 'reward' for taking the time to contact you.

Okay, those are the basic steps you can (and should) take to protect your downloads. If you're worried that this isn't enough, then you'll find some additional resources below that really go the extra mile. (I use these myself so I can testify to their worth).

Just one final point... after you make the changes outlined above, be sure to double-check everything is working okay.

About the Author
Michael Hopkins is owner of BizzyDays Ebook Publications.
Visit now to download original ebooks for FREE at:

Jeff McCall is author of Ebiz Bodyguard, one of the most
comprehensive guides to online business protection currently
available. Download a free sample of Ebiz Bodyguard at: