ThemeShaper Forums » Thematic


Protecting your website from splogs, comment spam and hotlinking!

(1 post)
  • Started 7 years ago by proto
  • This topic is not resolved
  1. proto

    Hello all,

    I wanted to share something that I think would be useful for pretty much everyone on this forum and also to ask if I've got this right? Using the .htaccess file (please note sometimes your computer or your FTP client hides these by default in which case you'll need to enable your CPU or FTP to view these file types). Using .htaccess you can help protect your wordpress site from malicious splog / spam / hotlinking from robots. The code I have got is from a brilliant article describing how to protect your blog (more info here: I thought if anyone else agrees this would be useful for everyone and perhaps even worth putting where people can see this given it helps to protect your blog from Spam bots, Splog registrations and image hotlinking. Not bad for a few lines of code to save you a lot of hassle!

    I also need help as I think it's nearly there but when I test my images for hotlinking, they appear not to be protected, so can a guru please step forward and point out what I need to modify. Obviously in the following code I've subbed my domain with "enteryourdomainhere"

    Here's my code:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-signup\.php*
    RewriteCond %{HTTP_REFERER} !.** [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) [R=301,L]
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !.** [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule ^(.*)$ ^$ [R=301,L]
    RewriteEngine On
    #Replace ?mysite\.com/ with your blog url
    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?enteryourdomainhere\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    #Replace /images/nohotlink.jpg with your "don't hotlink" image url
    RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
    # END WordPress

    Any thoughts on what I need to modify to get the hotlinking protection up and running? My site is installed in a sub directory in my web root files (as another protection feature). For example, instead of directly putting my install in the root directory, I created a unniquely named folder > installed wordpress and moved index.php and .htaccess up to the root. Might this be causing the isssue?

    DO NOT USE THIS CODE ON YOUR WEBSITE until we have verified it works (hopefully a guru will reply and confirm, I'm happy to test the new code for hotlink protection and then people can choose to use this if they want.

    Posted 7 years ago #

RSS feed for this topic

Topic Closed

This topic has been closed to new replies.