If you want to stop people from downloading a file, you have two options:
Upload the file to outside your public_html folder. People will not be able to download the file, but you can call it by the absolute path it is located at.
To upload your file to root:
To access your file:
In any other file that needs to access that file, use the absolute server path:
/home/sites/[DOMAIN]/[FILE]
Where [DOMAIN] is your domain name (such as your-domain.com) and [FILE] is the file name and extension (such as database.txt).
Create a Password-Protected Directory
Create a password-protected directory within your public_html folder. You can set up a password-directory folder in your eXtend Control Panel.
To set up a password-protected directory:
Article ID: 481
Created On: Tue, Mar 17, 2015 at 3:42 PM
Last Updated On: Thu, Apr 23, 2015 at 12:47 PM
Online URL: https://www.heartinternet.uk/support/article/where-do-i-put-a-file-onto-my-webspace-so-that-it-can-t-be-downloaded.html