This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Hotlink File Prevention

Description

This plugin offers simple hotlink prevention that can be applied directly in the media library. With many membership plugins and private pages on WordPress – non members or those who do not have access can still potenially gain access via the url of the file

HFP offers simple hotlink prevention to individual files that can be turned on/off in the media library.

Hotlink prevention is provided by .htacesss rules in the /uploads directory. See FAQ’s for more details.

Developer Notes

HFP uses a custom meta field ‘_hfp_prevention’ which has a value of 1 if file is protected

Basic Usage

  • To protect a file – edit the file, scroll down and you will see a checkbox with ‘Prevent hotlink’
  • Any media asset that is checked – will have ‘Yes’ displayed under ‘Hotlink Prevention’, otherwise this column will be blank.

Installation

The install

  1. The plugin can be installed from the auto-install tool in the WordPress admin area.
  2. To manually install, upload the folder ‘/hfp’ to the /wp-content/plugins/ directory
  3. Activate the plugin through the ‘Plugins’ menu in WordPress

Using the plugin

  1. Once the HFP plugin is activated – its’ functionality is only visible in the media library.
  2. Within screen options – check the ‘Hotlink Prevention’ column.
  3. To protect a file – edit the file, scroll down and you will see a checkbox with ‘Prevent hotlink’
  4. Any media asset that is checked – will have ‘Yes’ displayed under ‘Hotlink Prevention’, otherwise this column will be blank.

FAQ

How does HFP work?

HFP creates an Apache .htaccess file in the /uploads directory. It uses HTTP_REFERER statement (for the site in general) and RewriteRule statements for each file that has hotlink protection applied. Toggling on and off hotlink prevention dynamically adds/removes RewriteRule statements.

Can it be used with any type of media file?

Yes, it works with any file that you upload to your media libary

Are my files absoutely safe using this plugin?

Here’s the deal. This plugin makes it harder for people to hotlink to your files – but if they decide they want to use something like cURL – then they can do things like fake the HTTP referrer.

Does it with with web servers other than Apache?

No. Support for other web servers not currently planned

Contributors & Developers

“Hotlink File Prevention” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

1.0.1

  • commented out error reporting
  • now uses just filename (followed by full path and name) in .htaccess; previously this was full path and location alone. Version 1.0.0 users should delete .htaccess from /uploads directory and rebuild file by clicking “update” on any file in Media Library that has “Yes” for Hotlink File Prevention.

1.0.0

  • Development version and Alpha release.