I'm setting up a woocommerce website to sell fonts, and read about security of downloadable zip-files. Would creating password protected zip-files make any sense? The access code to the downloaded file could be sent within the confirmation mail. Pointless? Hassle? Good idea?
I guess though, it depends on what your overall goal of having a password-protected zip would be (as opposed to a non-password version).
A thought I also just had: Once the files are unzipped, does that make the password then redundant to the protection? Ie someone unzips the files using the password, then send the unzipped font files to a colleague without the need for a password.
I like the idea, just trying to figure out the reality of it.
I suppose properly set .htaccess -files is needed to protect the files not to be stolen, if Woocommerce itself is not safe enough.
That said, you want some level of security theater to signal to the customer that the fonts have value. So the problem becomes logistical. How can you get the most demonstrative impact with the least amount of friction?
What we do is provide the zip via a download link they receive in the confirmation email (which is also their receipt) . The link expires after 24 hours but we can always reactivate it for another 24 hours.
I get customers asking years later for the link to be refreshed... so I'd worry about a password for the zip from a support perspective as well. What would you do when they need it again and can't find it? Would you send another zip or would you have the password somewhere? Is it a unique password (more work to retrieve) or not. If not is it even worth any bother at all?
There’s also the opposite strategy, “flooding” the search with free trial versions — that somewhat helps against unconscious piracy. Customers will easily try your fonts and buy them, “bypassers” at least will know it’s not free and they should use something else, and pirates will have harder times finding the full versions.