• So I’ve noticed that a clone of my WordPress site has appeared on Google and it’s even outranking me for certain keywords, which is just crazy given the fact it’s a clone, and a fairly new site.

    I’ve talked to my host and from my understanding (I’m not very technical), they use some kind of reverse proxy approach. So when someone visits one of my URLs, the hacker’s IP also visits that URL and the cloned site is updated directly. So basically, whenever I post something, the cloned site will be updated too.

    This is a disaster and I feel really helpless. I’ve blocked the IP which took the cloned site down (403) but I see it appear here and there for a second (maybe the IP-block tool isn’t 100%) and it’s still getting indexed by Google.

    I have no idea what to do to combat this problem. Would a switch to a different host that uses different technology help?

Viewing 15 replies - 1 through 15 (of 19 total)
  • Thread Starter danniee

    (@danniee)

    The same type of problem is discussed here https://www.webhostingtalk.com/showthread.php?t=1333261

    @danniee You can try disabling CORS/strengthening HTTP access control. CORS (Cross-Origin Resource Sharing) is the ability for other sites to reference links to your own site in their source code.

    By disabling this, you’re preventing other sites from displaying content hosted on your own site. Simply paste the following in your .htaccess file if you are on Apache: Access-Control-Allow-Origin: https://www.example.com

    For Nginx config, try this:
    add_header 'Access-Control-Allow-Origin' 'https://www.example.com';

    This says to only allow requests from https://www.example.com. You can also be more specific with these rules, to only allow specific methods from specific domains.

    Here is more on this: https://techgirlkb.guru/2017/08/preventing-site-mirroring-via-hotlinking/

    Let me know how that goes

    Thread Starter danniee

    (@danniee)

    Hi @soberbanda

    Thank you so much for these suggestions, I will try them right away! I only need to paste it like that in the htaccess file? No need for <ifmodule> etc?

    Thank you!

    @danniee That depends on what the clone site owner is doing to copy your site.

    You can disable <iframes> for sure but it won’t help if they are mirroring it the way mentioned in the article.

    If they are framing your site using the <iframe> code, it might work as mentioned.

    Let me know how that goes

    Thread Starter danniee

    (@danniee)

    @soberbanda I tried to add it like this in my htaccess:

    Access-Control-Allow-Origin: https://www.example.com

    But what happens is that when I click a featured image, it just downloads some blank file and it prevents me from visiting the article.

    @danniee Avoid it then

    Go ahead with disabling <iframe> and hotlinking.

    Thread Starter danniee

    (@danniee)

    @soberbanda I really want to make it work. It seems to me like it’s more important than to disable iframe and hotlinking.

    @danniee Okay. Let’s do it then

    >>Access-Control-Allow-Origin: https://www.example.com<<

    Try it with https and let me know if you can replicate the same issue!

    Thread Starter danniee

    (@danniee)

    @soberbanda ok but should it actually say example.com or do I need to change it to my own domain or something?

    Thread Starter danniee

    (@danniee)

    Hm according to someone at Stack Overflow this will be pointless :/

    If they are using a reverse proxy, that likely means no client-side requests are made from their domain to yours in the first place, which in turn means CORS does nothing for you in this situation

    @danniee As I said, everything depends on whatever they are implementing to get your site cloned. If they aren’t using a reverse proxy, it will work for sure.

    The best way is to try and figure out which one might work.

    >>ok but should it actually say example.com or do I need to change it to my own domain or something?<<

    Yes you would need to change that. If your site loads over https, put that instead of http

    Thread Starter danniee

    (@danniee)

    I know for a fact that they are using a reverse proxy, as was mentioned in my initial post

    When I block their IP, their site goes down (403). So it has at least temporarily solved the problem. I just want to prevent this from happening again.
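
One way to find the address or addresses the mirror fetches from, based on the host's explanation that the proxy requests each URL from the real site whenever it is visited on the clone: request a URL carrying a random token on the clone's domain, then search your own access log for that token. This is an added example, not part of the original thread; the function names, the `probe` parameter, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
import secrets
from collections import Counter

# Apache/Nginx "combined" log format: ip - user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def make_canary():
    """Random token to append to a URL requested on the CLONE's domain, e.g. /?probe=<token>."""
    return secrets.token_hex(8)

def find_proxy_ips(log_lines, canary, own_ips=()):
    """Count requests per client IP whose path carries the canary token.

    Only the mirror's back-end fetch should reach the origin with this token,
    so the IPs returned are the ones the proxy fetches from.
    """
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # skip malformed or truncated lines
        if canary in m.group("path") and m.group("ip") not in own_ips:
            hits[m.group("ip")] += 1
    return hits

def apache_deny_rules(ips):
    """Apache 2.4 lines for a <RequireAll> block that also holds 'Require all granted'."""
    return [f"Require not ip {ip}" for ip in sorted(ips)]

# Constructed sample data: the token, the addresses (documentation ranges)
# and the log lines are all made up for this example.
CANARY = "3f9c1a7be2d04c55"
OWN_IPS = {"192.0.2.10"}  # your own address, in case you probed the real site by mistake
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /?probe=3f9c1a7be2d04c55 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /?probe=3f9c1a7be2d04c55 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.23 - - [01/Jan/2024:10:00:09 +0000] "GET /hello-world/?probe=3f9c1a7be2d04c55 HTTP/1.1" 200 7301 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /about/?probe=3f9c1a7be2d04c55 HTTP/1.1" 200 4410 "-" "-"',
    '203.0.113.99 - - [01/Jan/2024:10:00:15 +0000] "GET /hello-world/ HTTP/1.1" 200 7301 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    hits = find_proxy_ips(SAMPLE_LOG, CANARY, OWN_IPS)
    print(dict(hits))
    print("\n".join(apache_deny_rules(hits)))
```

Repeating the probe with a fresh token on different days shows whether the mirror fetches from more than one address, which would explain a clone that reappears after a single IP is blocked.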

    Sorry for that

    Seems like there is no permanent solution for this as of now. I recommend going through this: https://security.stackexchange.com/questions/243022/how-to-prevent-someone-from-proxying-your-websites

    Thread Starter danniee

    (@danniee)

    Mm, I’ve done what he suggested in the article, so it’s pretty easy to close them down once you know a mirror website exists. I just wish there was a way to find those mirrored clones before Google started indexing them

    I really appreciate your help @soberbanda

    @danniee Not a problem

    You can use a plagiarism checker to look out for such websites like this one: https://www.copyscape.com/

    Although I am not sure how effective that would be. Google should seriously consider building a filtering system to ban/un-index such mirror sites.

    Have a good day!

  • The topic ‘Someone is cloning my entire website’ is closed to new replies.