Hotlinks

  • Resolved Lucid

    (@lucidkobold)


    5 years, 5 months ago

    I appear to be having some issues when setting up hotlinks protection and I can’t seem to find any solution for the issue I am having.

    Basically if I were to enable hotlink protection the WordPress app would no longer be able to access my files. (Obviously that’s the point of hotlink protection.

    I have whitelisted:
    *WordPress.com
    *.www.ads-software.com
    *.Jetpack.com
    *.wp.com

    And the app still can’t access the files on my website.

    I have since disabled hotlink protection for now until I can get the proper domains to whitelist for the app to continue to work.

    Bandwidth isn’t the concern for me. The server I am running on can handle bandwidth and I know I can enable a setting for jetpack to host my pictures.

    I am trying to set this up because I don’t want any unauthorized website to link to my files. It’s more a matter of copyright than anything else.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Scroll down to #3 here:

    https://www.wpbeginner.com/beginners-guide/4-ways-to-prevent-image-theft-in-wordpress/

    and this

    https://www.shoutmeloud.com/prevent-image-hotlinking-wordpress.html

    Thread Starter Lucid

    (@lucidkobold)

    I know how to set it up. When I do it the WordPress app is also blacklisted despite me whitelisting WordPress.com www.ads-software.com jetpack.com and wp.com

    That’s why I need help with. What domains do I need to whitelist to allow the app to access the files on my website?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    It’s based on the referrer. Show your .htaccess.

    Thread Starter Lucid

    (@lucidkobold)

    I understand it goes by referrers. Here is the hotlink section of my .htaccess not that it will do much good. It’s not the issue. I need to know what domains the WordPress Android app uses so I can whitelist it.

    # Begin cPanel hotlink protection
RewriteCond %{HTTP_REFERER} !^https://*.lucid-writing.net/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://*.lucid-writing.net$      [NC]
RewriteCond %{HTTP_REFERER} !^https://*.wordpress.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://*.wordpress.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://*.www.ads-software.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://*.www.ads-software.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://*.wp.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://*.wp.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://*.jetpack.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://*.jetpack.com$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Aha! Android app. You didn’t mention that. Sorry, but I have no idea. What do your logs show when you access stuff via Android?

    Thread Starter Lucid

    (@lucidkobold)

    Sorry for not making that clear before.

    The log just says that it couldn’t retrieve the pictures.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    What if you create a page on your site where you record all that info from the $_SERVER array?

    something like

    <pre>
<?php print_r( $_SERVER ); ?>
</pre>
    Thread Starter Lucid

    (@lucidkobold)

    I’ll check.

    Keep in mind that this issue only happens when I have hotlink enabled. It’s currently not enabled because of this issue.

    Is the browser on your device disabling the sending of the referer header? I have an extension in Firefox where I can turn it off such that it doesn’t send Referer: https://lucid-writing.net/ in the request headers when getting an image and would trigger the hot-link protection which appears to be off at the moment.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Hotlinks’ is closed to new replies.