You can do the following things to easily add extra protection to your PDF file URLs that you are selling.
1) Make the folder name hard to guess
For example, you could store your original PDF files in teh following directory of your site which will make it really hard for anyone to guess the location:
http://www.your-domain.com/my-pdf-files/IYqmiy76Hqa/
2) Use an Empty intex.html File
You can also add an empty/blank index.html file in the folder that has your PDF files. This will make it so no one can browse and see the content of that folder.
Download a blank index.html (right click and choose save as)
3) Use Htaccess File
Lets say you are keeping your source/original PDF files in the following folder/directory of your site:
..../wp-content/uploads/my-pdf-files/
Simply add a .htaccess file to the “my-pdf-files” folder with the following content:
deny from all
This will prevent anyone from being able to access the PDF files from that folder.
The FileZilla FTP client tutorial will be very helpful for you (if you don’t know how to use FileZilla already).