0

I wish to alter the standard .htaccess file in WordPress to prevent hotlinking to our files in the uploads folder. I have put together the code below but sadly the files are still accessible directly, something we would like to prevent.

Anybody here who can tell me where I went wrong?

Thanks

```apache
# BEGIN WordPress

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)mysite.be/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|flv|swf|xml|png|css|pdf)$ - [F]

# END WordPress
```
MrWhite
  • An empty HTTP_REFERER fails the second RewriteCond, so the RewriteRule isn't enforced. Perhaps you're missing an [OR]? – Gerard H. Pille Jun 12 '20 at 12:05
  • "the files are still accessible directly" - Although a direct request isn't strictly "hotlinking"? You generally need to allow "direct" requests (i.e. an empty `Referer` header) due to some user-agents legitimately suppressing the `Referer` header. – MrWhite Jun 12 '20 at 13:30
  • @GerardH.Pille An _empty_ HTTP_REFERER fails the **first** RewriteCond (the second would otherwise be _successful_ since it does _not_ match the regex). – MrWhite Jun 12 '20 at 13:44
  • ...and you should avoid manually editing between the `BEGIN WordPress` / `END WordPress` comment markers since WP itself maintains this code block and might overwrite your manual edits in a future update. – MrWhite Jun 12 '20 at 13:56

1 Answer

0
```apache
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$ [OR]
RewriteCond %{HTTP_REFERER} !^http://(www\.)mysite.be/ [NC]
RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|flv|swf|xml|png|css|pdf)$ - [F]
```
Gerard H. Pille
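An added example, not part of the question or the answer above: a small Python model of how mod_rewrite combines the `RewriteCond` lines, run over constructed `Referer` values to compare the rule set from the question with the `[OR]` variant. The request path and the `Referer` values are constructed, and the model covers only the features these rules use (negation, `[NC]`, `[OR]`); it is a model, not Apache itself.

```python
import re

# RewriteRule pattern shared by the question and the answer.
RULE = re.compile(r"\.(gif|jpg|jpeg|bmp|zip|rar|mp3|flv|swf|xml|png|css|pdf)$")

# One tuple per RewriteCond on %{HTTP_REFERER}: (regex, negated, re flags, has [OR]).
QUESTION = [
    (r"^$", True, 0, False),
    (r"^http://(www\.)mysite.be/.*$", True, re.I, False),
]
ANSWER = [
    (r"^$", True, 0, True),
    (r"^http://(www\.)mysite.be/", True, re.I, False),
]

def conds_pass(conds, referer):
    """AND by default; a condition flagged [OR] is OR-ed with the one after it."""
    i = 0
    while i < len(conds):
        pattern, negated, flags, or_next = conds[i]
        ok = (re.search(pattern, referer, flags) is not None) != negated
        if or_next and ok:
            # One member of the OR group succeeded: skip the rest of the group.
            while i < len(conds) and conds[i][3]:
                i += 1
        elif not or_next and not ok:
            return False  # a failed AND-ed condition means the rule is not applied
        i += 1
    return True

def is_forbidden(conds, path, referer):
    """True when the rule pattern matches and all conditions pass, i.e. [F] -> 403."""
    return RULE.search(path) is not None and conds_pass(conds, referer)

if __name__ == "__main__":
    path = "wp-content/uploads/photo.png"  # constructed request path
    referers = [  # constructed Referer values
        "",
        "http://www.mysite.be/post",
        "https://www.mysite.be/post",
        "http://mysite.be/post",
        "http://other.example/page",
    ]
    for ref in referers:
        q = 403 if is_forbidden(QUESTION, path, ref) else 200
        a = 403 if is_forbidden(ANSWER, path, ref) else 200
        print(f"Referer={ref!r:32} question={q} with_OR={a}")
```

In this model the question's rules let through only the empty `Referer` and `http://www.mysite.be/...`, rejecting the `https://` and non-`www` forms of the same site along with other sites, while the `[OR]` variant rejects every request for a matching file type.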