Question
How to prevent hotlinking graphics from the domain?
Answer
Bandwidth theft or "hotlinking" is a direct linking to web site's files (images, video, etc.).
For WordPress domains:
If it is WordPress domain, that is required to be secured from hotlinking, it is possible to secure domain in WP Toolkit starting from 3.5.0 version.
-
Go to WordPress > example.com > Security status - View and check the mark for Hotlink Protection in opened window:
For Plesk on Windows
Enable Hotlink Protection in Domains > example.com > Hotlink Protection. Refer to the Documentation on how to configure protection settings.
For Plesk on Linux
Hotlink protection is yet to be implemented in Plesk for Linux. Take part in our product improvement by voting for this feature on Plesk Uservoice portal.
As workaround, hotlink protection can be prevented by use of Apache module mod_rewrite:
-
Log in Plesk;
-
Browse to Home > Domains > example.com > Apache & nginx Settings;
-
Add the following rewrite rules to Additional directives for HTTP/Additional directives for HTTPS fields:
Note: Mind part marked in bold that, in Additional directives for HTTPS, it must be changed to HTTPS.
RewriteEngine on
RewriteCond % !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?example.com(/)?.*$ [NC]
RewriteRule .(gif|jpg|jpeg|png|swf)$ - [NC,F]
If nginx support is enabled on the server, verify that Serve static files directly by nginx option is disabled on Home > Domains > example.com > Apache & nginx Settings page
Then, add the following directives to Additional nginx directives field:
location ~ ^/(.*.(jpe?g|png|gif))$ {
valid_referers none blocked example.com *.example.com;
if ($invalid_referer) {
return 403;
}
}