prevent Hotlinking through .htaccess

[msp]

Hi,

We got a blog on the pianetadonna platform and we have some issues with hotlinking. I want to counter this by adding some code to the .htaccess file. Do you foresee any problems in me doing that?

Gert



-----------------------------------------------------------------------------
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(blog\.)?pianetadonna.it/msp [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?pinterest.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
-----------------------------------------------------------------------------

[alemoppo]

Hi, who is doing hotlinks? Which site?

Bye!

[msp]

Hi,

The question is if you see any harm in the addition to the .htaccess as I proposed. I fail to see how a list of sites that hotlink will help you answering that.

Thanx

[alemoppo]

If no site does hotlinks, you shouldn't edit that file because you could make your site inaccessible.

Also, with updates, the .htaccess file may be reset, so the change may be useless.
Always use plugins to do something.

Normally the sites already have the most common protections.

Bye!

[msp]

Hi,

Somehow there might be a misunderstanding. There are hotlinks to our blog.

To give you some examples:
ecosia.org
7tcymzs.dip.jp
gooddesign.ezaap.com
it.ryalin.net
airfreshener.club
ucmaia.com
glenoakspathology.com
imgurl.info
kitchendecor.club
globalchin.org
coremc.us

You can find more examples by going to the image tab of google search and look for "inurl:domain.com -site:domain.com". That does not show you any hotlinking to images that have been removed from our blog as those ones obvious create 404's when requested. But it does give you some of the hotlinking sites.

As to your general remark that editing the .htaccess file could make our site inaccesible, I am aware of that. I do not think that the code I proposed will have that effect, but if you think it does, please tell me.

As to your remark that any manual additions to the .htaccess file could be overwritten by you, I am aware of that too. I think it is kind of bad practice from your side to limit the possibilities of using the .htaccess file like that, but I guess I have to live with that.

As to your remark on the use of plugins I do not totally agree. I do agree that a plugin is written by people who presumably know what they are doing and like that it will avoid stupid mistakes. Then again, quite a few plugins are having vulnerabilities because they are written incorrectly. So by people who do not really know what they are doing.

Also, it is not always possible to find a plugin from a trustworthy source that does exactly and only what you want. Sometimes the use of a plugin gives you lots of options that you really do not need. So it bloats the system and potentially slows it down.

In the case of hotlinking I could not find a small, dedicated plugin which would do the trick. That is why most sources on hotlinking suggest adding some lines to the .htaccess file.

The code as proposed isn't any rocket science and it seems quite straight forward to me. I would have added it already if it where not for your request in the .htaccess file to open a thread on the subject first. Do you have any objections to the addition to the .htaccess file as proposed by me?

[alemoppo]

As to your general remark that editing the .htaccess file could make our site inaccesible, I am aware of that. I do not think that the code I proposed will have that effect, but if you think it does, please tell me.

No, your code seems correct.
But I can't guarantee that it won't conflict with other codes.

The code as proposed isn't any rocket science and it seems quite straight forward to me. I would have added it already if it where not for your request in the .htaccess file to open a thread on the subject first. Do you have any objections to the addition to the .htaccess file as proposed by me?

If you want, you can edit the code. But know that it could be overwritten.

Bye!

[msp]

Thank you very much for your advise.

Have a nice day.