Docs
← Back to site

WooCommerce

4 min readUpdated June 28, 2026

WP Media Cloud integrates with WooCommerce to offload product images, gallery images, and category images to cloud storage, and to serve downloadable product files via signed URLs for customers who have completed a purchase. No configuration is required for image offloading. Secure downloads require additional setup on Bunny Edge Storage or Cloudflare R2.

What gets offloaded#

All WooCommerce media that passes through the WordPress media library is offloaded automatically:

  • Product featured images
  • Product gallery images
  • Product category images
  • Downloadable product files uploaded through the media library

No additional configuration is needed for image offloading. Once WP Media Cloud is configured with a storage provider, WooCommerce product images are offloaded on upload and served from cloud storage or your CDN automatically.

Secure downloads#

By default, downloadable product files stored in cloud storage are served via their public CDN URL. Any customer who has purchased the product can access the download link, but the link itself is a plain URL that could be shared or reused after the download period expires.

When secure downloads are enabled, WP Media Cloud intercepts WooCommerce’s download redirect and replaces the plain CDN URL with a short-lived signed URL. The signed URL is valid for 10 minutes — long enough for a slow connection to complete a download, short enough to be useless if shared after that window. The signed URL is generated fresh each time a customer clicks a download link.

Secure downloads are supported on two providers:

  • Bunny Edge Storage — signed URLs use Bunny’s HMAC-SHA256 token authentication. Requires a Token Authentication key configured in your Bunny pull zone settings and entered in WP Media Cloud settings.
  • Cloudflare R2 — signed URLs use AWS Signature V4 presigned GET URLs. Uses your existing R2 credentials. No additional setup in Cloudflare is required.

Secure downloads are not available on Amazon S3, Wasabi, DigitalOcean Spaces, Hetzner, Backblaze B2, Google Cloud Storage, or S3-compatible endpoints in the current release. On these providers, downloadable files are served via their public CDN URL regardless of the secure downloads setting.

WooCommerce download methods#

WooCommerce has three download methods: redirect, force download, and X-Accel. WP Media Cloud handles all three for offloaded files:

  • Redirect — WP Media Cloud replaces the plain URL with a signed URL before the redirect is sent.
  • Force download and X-Accel — these methods attempt to read the file from the local filesystem and stream it. WP Media Cloud intercepts these for offloaded files and converts them to a signed redirect instead, so the file is served from cloud storage rather than the server disk. This means offloaded files can be downloaded correctly even when local file removal is enabled.

Enabling secure downloads on Bunny Edge Storage#

  1. Log in to the Bunny dashboard and open your pull zone.
  2. Go to the Security tab and enable Token Authentication.
  3. Copy the Token Authentication key.
  4. In WordPress, go to WP Media Cloud > Settings and find the WooCommerce section. Enable Secure Downloads and paste the Token Authentication key into the Bunny Token Auth Key field.
  5. Save settings.

Enabling secure downloads on Cloudflare R2#

  1. Confirm your R2 credentials are correctly entered in WP Media Cloud > Settings > Storage.
  2. Go to WP Media Cloud > Settings and find the WooCommerce section. Enable Secure Downloads.
  3. Save settings.

No additional Cloudflare configuration is required. WP Media Cloud uses SigV4 signing with your existing R2 credentials.

Troubleshooting#

Product images are not loading from cloud storage
Confirm WP Media Cloud is configured with a working storage connection and that URL rewriting is enabled. Go to Media > Library, click on any product image, and check the file URL. If it still shows your site URL, the image was not offloaded. Run the bulk migration tool to offload existing product images.

Download links return Access Denied or 403
For Bunny: confirm the Token Authentication key in WP Media Cloud settings matches the key in your Bunny pull zone Security tab. For R2: confirm all R2 credentials are correctly entered. For other providers: secure downloads are not supported and the plain CDN URL is served. If the CDN URL itself is returning 403, the file may not be publicly accessible in your bucket.

Force download or X-Accel is not serving the file
WP Media Cloud intercepts force download and X-Accel requests for offloaded files and converts them to signed redirects. If the download is failing, confirm the file is offloaded by checking its URL in the media library. Also confirm secure downloads is enabled in settings if you expect signed URLs.

Download link expires too quickly
Signed URLs are valid for 10 minutes. This is a fixed value in the current release. If customers are reporting expired links, the most likely cause is the customer waiting a long time before clicking the download link after receiving the email. Encourage customers to click the download link soon after receiving the order confirmation.

This website uses cookies to enhance your browsing experience and ensure the site functions properly. By continuing to use this site, you acknowledge and accept our use of cookies.

Accept All Accept Required Only