You should never create standalone files to do things like this. This is one of the reasons timthumb turned into a security nightmare, and it’s incredibly fragile and dangerous. WordPress is a CMS, and it should handle all requests.
Instead, use GET or POST variables in the URL to do the work inside WordPress, by adding parts to the URL, such as example.com/?download=1
E.g. create your download link like this:
<a href="https://wordpress.stackexchange.com/questions/229608/<?php echo home_url("/?downloadthing=1'); ?>">Download</a>
Then hook into the init event to trigger the download:
add_action( 'init', 'do_the_download' );
function do_the_download() {
if ( empty( $_GET['downloadthing'] ) {
return;
}
// the download code goes here
}
The same trick can be done for form handlers. For AJAX look at the REST API or the WP AJAX API
I would also keep in mind that what you’re trying to do will almost certainly get you in trouble with your host for proxying giant files in PHP for download. It’ll be a performance hog which your host will notice. Never mind that you’re using it for Game of Thrones videos. Sharing these things via website downloads is the most dangerous and insecure way and is just begging to be caught, even more so if you’re the one hosting this script.