I won't give any phrases out, but suffice to say if you do a strategically worded query in google, you will get tons of download pages which have been indexed with direct links to products.
If you're not going to protect download pages (or files for that matter) from direct access, you need to AT LEAST protect them from search engines.
Don't forget! These are quick fixes which have been improved on but will still not adequately protect your download pages. The main message here is: get a download manager.
This can be done by putting a robots.txt in your ROOT directory with nothing in it but this:
You can also have multiple disallows:
Finally, you can disallow an entire directory using the above formula and protect your files:
Then chuck all your product files in that directory and you won't have the search engines indexing your files either.
If your robots.txt says "Disallow: /myreallycoolstuff"... who isn't going to look there?
Make a folder UNDER it with your download file in it. So people download from /myreallycoolstuff/adlkfjeoirhonecc/file.zip - and it will be harder to find.
if you put it in /myreallycoolstuff/adlkfjeoirhonecc/file.zip
PLEASE disable directory listing in /myreallycoolstuff/
That's done with .htaccess file with the following contained:
The file should go in the directory you want to protect, or in most cases - the root of your domain. This also assumes you have linux server (if you don't know what that is, you probably do).
META TAG VERSION
Easy peasy, put within the <head></head> section of your site:
<meta name="robots" content="noindex">
Not all search engines play nice. Some WILL still index your site regardless of what you instruct them to do in your robots.txt file. I cannot stress the importance of using a decent download manager.
I've attached the robots.txt file here for anybody who needs it. Simply change as you see fit.
You can also do a quick fix with php - this is done by making sure the visitor is referred by your payment provider before the page or file is even allowed access. Again, not ideal, but it's a quick fix.
Hope this helps.
To clarify - this came to mind when I was doing a project recently which uses what I would say is quite a popular system. It didn't recommend or offer any kind of protection. So, naturally, I protected the pages using the methods above and advised the client they should use a secure download manager. All I had to do was search a particular "phrase" in google and wooooooshhhh..tons of download pages with direct access to the author's products.