Selling Large Software Downloads (ZIP, RAR, EXE, MSI) with WooCommerce

Yes, Infinite Uploads can host and deliver large software downloads through WooCommerce, including ZIP, RAR, EXE, and MSI files. There are two sides to this: getting large files into WordPress in the first place, and then delivering them securely to paying customers. Big File Uploads handles the first half, Infinite Uploads handles the second, and WordPress itself controls which file extensions are allowed.

What this covers

If you sell software, games, design assets, or any other large digital product on WooCommerce, you typically hit three walls:

• Server upload size limits that block large source files from reaching your site
• File type restrictions that block executables and archives from being uploaded to WordPress
• Hosting bandwidth and storage overages when customers download large files directly from your server

Infinite Uploads and Big File Uploads work together to solve all three.

Delivering large files to paying customers

Infinite Uploads offloads your digital download files to cloud storage and serves them through a global CDN. Once a file is offloaded, customers never download directly from your web server. This protects your hosting bandwidth and gives customers a fast, reliable download even on multi-gigabyte files.

Infinite Uploads supports both of WooCommerce’s protected download methods:

• Force Downloads (PHP): WooCommerce pipes the file through PHP so the true cloud URL is never exposed to the customer.
• X-Accel-Redirect / X-Sendfile (nginx/Apache): The web server hands off delivery directly, which is faster and lighter on PHP. Requires the module to be enabled by your host.

Both methods keep the download link tokenized through WooCommerce, so customers can’t share the cloud URL and bypass your store. “Redirect only” is also supported but is not recommended because it exposes the direct file URL.

Getting large source files into WordPress

WordPress inherits your host’s PHP upload limits, which are usually 32 MB to 256 MB. A 4 GB installer will fail long before it reaches the Media Library, regardless of your internet connection.

Install the free Big File Uploads plugin alongside Infinite Uploads. Big File Uploads raises the maximum upload size to whatever you set, and chunks large files into smaller pieces so they survive server timeouts. Uploads also resume from where they left off if a chunk fails.

Once the file lands in the Media Library, Infinite Uploads offloads it to the cloud on the normal upload hook. You don’t need to do anything extra to connect the two.

Allowing EXE, MSI, and other software file types in WordPress

WordPress restricts uploads to a pre-approved list of file extensions for security reasons. Infinite Uploads doesn’t override that list. It stores and delivers whatever WordPress lets you upload. If WordPress blocks the file type, nothing can offload.

Allowed by default

These extensions work without any extra configuration:

• ZIP (.zip)
• RAR (.rar)
• 7z (.7z)
• TAR / GZ (.tar, .gz)
• PDF, DOC, DOCX, and other standard document formats

Blocked by default (need to be enabled)

These are the ones that usually trip up software sellers. WordPress treats them as potentially dangerous because they can execute code on a visitor’s machine:

• EXE (.exe) – Windows executables
• MSI (.msi) – Windows installer packages
• DMG (.dmg) – macOS disk images
• APK (.apk) – Android packages
• DEB, RPM – Linux packages

Enabling extra file types

The simplest option is a free plugin like File Upload Types by WPForms or WP Add Mime Types. Both let you tick the file types you need from a preset list and save.

If you prefer code, add this to a functions file or a small mu-plugin. Adjust for the extensions you actually sell:

add_filter( 'upload_mimes', function( $mimes ) {
    $mimes['exe'] = 'application/x-msdownload';
    $mimes['msi'] = 'application/x-msi';
    $mimes['dmg'] = 'application/x-apple-diskimage';
    return $mimes;
} );

Only allow the file types you actually sell. Allowing executables on a site that accepts uploads from untrusted users can be a serious security risk.

WooCommerce setup

Once the plugins are installed and file types are allowed, the WooCommerce workflow is the standard one:

1. Go to WooCommerce > Settings > Products > Downloadable products.
2. Set File Download Method to Force Downloads or X-Accel-Redirect/X-Sendfile.
3. Leave “Append a unique string to filename for security” enabled.
4. Create or edit a product, tick Virtual and Downloadable.
5. Upload your installer through the standard WooCommerce file selector. Big File Uploads handles the chunked upload; Infinite Uploads offloads it to the cloud afterward.
6. Save the product. Customers who purchase get a tokenized download link that streams the file from Infinite Uploads CDN.

Quick reference

Common questions

Does Infinite Uploads work with Easy Digital Downloads?

Yes. The same cloud storage and CDN delivery model applies. EDD’s own download protection sits on top.

Is there a file size cap?

No. Infinite Uploads bills on storage and bandwidth used, not per file. Multi-GB software installers work the same as a 2 MB image once Big File Uploads gets them into WordPress.

Will customers see the cloud URL?

Not when you use Force Downloads or X-Accel-Redirect/X-Sendfile. WooCommerce serves a tokenized URL on your domain and the true cloud URL stays hidden. Only “Redirect only” exposes the direct link, which is why it’s not recommended for paid products.

Can I require login for downloads?

That’s a WooCommerce setting, not an Infinite Uploads one. Enable “Downloads require login” under WooCommerce > Settings > Products > Downloadable products. Infinite Uploads respects whatever access rules WooCommerce enforces.

What if my host blocks EXE files at the server level?

Some managed hosts strip executables with a security filter even after WordPress allows them. If uploads fail silently after you’ve allowlisted the MIME type, contact your host and confirm they’re not blocking the extension.