Preventing Hotlinking

Transcript

1. Preventing Hotlinking Philly 'Burbs WordPress Meetup April 2018

2. Preventing Hotlinking Amy Letson @accessamy

3. Check out wpbeginner article: ★ Disable right-click (plugins) ★ Watermarking

   (plugins) ★ Copyright notices ★ Hotlinking prevention www.wpbeginner.com/beginners-guide/4-ways-to-p revent-image-theft-in-wordpress/

4. Site A direct- links to an image hosted by Site

   B, without permission. ©Amy Letson 2015

5. What?? smh... ©Amy Letson 2015

6. ★ Copyright ★ Bandwidth ★ $$$

7. source: giphy

8. "Then if I want to use an image hosted on

   another site I should put a copy on my own server. Got it."

9. source: giphy

10. Grab rewrite rule. (Apache) <IfModule mod_rewrite.c> RewriteCond %{HTTP_REFERER} !^$ RewriteCond

    %{HTTP_REFERER} !^http(s)?://([^.]+\.)?example\.com [NC] RewriteRule \.(gif|jpe?g?|png)$ - [NC,F,L] </IfModule>
11. None

12. <IfModule mod_rewrite.c> RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://([^.]+\.)?example\.com [NC] RewriteRule

    \.(gif|jpe?g?|png)$ - [NC,F,L] </IfModule> OPTIONAL: Add this line above the third line RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC] via Jeff Starr, lynda.com and Perishable Press

13. <IfModule mod_rewrite.c> RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://([^.]+\.)?example\.com [NC] RewriteRule

    \.(gif|jpe?g?|png)$ - [NC,F,L] </IfModule> OPTIONAL: Add this line above the third line RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC] via Jeff Starr, lynda.com and Perishable Press

14. <IfModule mod_rewrite.c> RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://([^.]+\.)?example\.com [NC] RewriteRule

    \.(gif|jpe?g?|png)$ - [NC,F,L] </IfModule> OPTIONAL: Add this line above the third line RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC] via Jeff Starr, lynda.com and Perishable Press

15. <IfModule mod_rewrite.c> RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://([^.]+\.)?example\.com [NC] RewriteRule

    \.(gif|jpe?g?|png)$ - [NC,F,L] </IfModule> OPTIONAL: Add this line above the third line RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC] via Jeff Starr, lynda.com and Perishable Press

16. Paste your new rule in .htaccess above any WordPress-specific rules.

    # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress

17. <IfModule mod_rewrite.c> RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://([^.]+\.)?example\.com [NC] RewriteRule

    \.(gif|jpe?g?|png)$ - [NC,F,L] RewriteRule \.(jpg|jpeg|png|gif)$ http://i.imgur.com/g7ptdBB.png [NC,R,L] </IfModule> http://wpcrux.com/blog/hotlinking-protection

18. "The image you are requesting does not exist or is

    no longer available."

19. # ultimate hotlink protection <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_REFERER}

    !^$ RewriteCond %{REQUEST_FILENAME} -f RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC] RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?domain\. [NC] RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L] </ifModule> via Jeff Starr, https://perishablepress.com/creating-the-ultimate-htaccess-anti-hotlinking-strategy

20. You can protect other file types, like videos, mp3, PDF,

    CSS, Word documents, or zip files.

21. Your WordPress site may have no .htaccess file. If you

    go to Settings in your dashboard, click on Permalinks and choose a Permalink structure, WordPress will generate an .htaccess file.

22. On a shared host, you may need to include an

    additional .htaccess file directly in the wp-content/uploads/ directory.

23. When testing, clear browser cache or use a proxy like

    hide.me. Also recommended: http://altlab.com/hotlink checker.php.

24. You may find an option in C-Panel or WHM. www.siteground.com/tutorials/cpanel/

    hotlink-protection

25. Another solution is to use CloudFlare CDN and enable its

    Hotlink Protection. gif, ico, jpg, jpeg, png

26. How do you know this is happening?

27. Try an image search using these terms: inurl:yourwebsite.com -site:yourwebsite.com via

    https://themeisle.com/blog/prevent-image-hotlinking-in-wordpress
28. None
29. None
30. None

31. Alpha Stock Images http://alphastockimages.com How to file a DMCA (Digital

    Millennium Copyright Act) takedown notice: https://kinsta.com/knowledgebase/dmca-takedown-notice

32. Thank you! ©Amy Letson 2017

33. Resources WordPress: Developing Secure Sites with Jeff Starr (video-based) https://www.lynda.com

    Apache Module mod_rewrite http://httpd.apache.org/docs/current/mod/mod_rewrite.html Test Image Hotlinking Protection http://altlab.com/hotlinkchecker.php Anonymous Proxy Browser https://hide.me/en/proxy Perishable Press - Creating the Ultimate htaccess Anti-Hotlinking Strategy https://perishablepress.com/creating-the-ultimate-htaccess-anti-hotlinking-strategy/ CloudFlare - Enabling Hotlink Protection https://support.cloudflare.com/hc/en-us/articles/200170026-What-does-enabling-Cloudflar e-Hotlink-Protection-do-

34. Resources Siteground - Enabling Hotlink Protection https://www.siteground.com/tutorials/cpanel/hotlink-protection/ Plugin - All

    In One WP Security & Firewall https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ File a DMCA (Digital Millennium Copyright Act) takedown notice https://kinsta.com/knowledgebase/dmca-takedown-notice/ ThemeIsle, How to Prevent Image Hotlinking in WordPress (And Why You Should Do It) https://themeisle.com/blog/prevent-image-hotlinking-in-wordpress/ Search for hotlinked images Go to Google images and paste these terms, modified to match your domain: inurl:yourwebsite.com -site:yourwebsite.com

35. Preventing Hotlinking Amy Letson @accessamy