I’m a little unsure what you’re actually getting at. Do you generally want to block access to all files in the upload directory? Then you would no longer have any images in the frontend of your website. And also no other files that you upload and link to.
Or do you just want to prevent direct access to the files? That would be the hotlinking you’re talking about. What does the code you use for this look like?
I want images to appear on the website but I don’t want images to be accessed by anyone. I want a visitor to be redirected to Google or a 404 page to appear or as soon somebody tries to access the image URL directly.
Examples of what I want
1. A visitor is on an article and right-clicks to view the featured image in a new tab.
2. An 404 page appears or user is redirected to google
And
1. A bad bot tries to display images from my website to their website by linking directly to it via the image URL.
2. An 404 page appears or bad bot is redirected to google.
I hope that makes sense.
The code I have in the htaccess is:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?example.com/.$ [NC] RewriteRule ..(jpg|jpeg|gif|png|bmp|tiff|avi|mpeg|mpg|wma|mov|zip|rar|exe|mp3|pdf|swf|psd)$ http://google.com [R,NC]
The code looks correct and should work. The limits are reached where the caller forges the referer. Here is an article that also sheds light on the topic:
https://shortpixel.com/blog/prevent-hotlinking-on-your-wordpress-site/
In any case, you will still see calls to the URLs. However, the status code is decisive. If you completely reject the request with - [F] instead of redirecting to Google, you should see a 403 in the log.
Ok where in the code do I specifically put the – [F]?
And I’m still able to view image URL’s as shown below
https://streamable.com/uter4k
Untested with your code as base:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?example.com/.$ [NC] RewriteRule ..(jpg|jpeg|gif|png|bmp|tiff|avi|mpeg|mpg|wma|mov|zip|rar|exe|mp3|pdf|swf|psd)$ - [F]
I added the code but I can still right click and view image URL’s
The code does not block a right click. It would only prevent direct access to images without a valid referrer.
I know, I’m reffering to the image URL’s still having direct access despite adding the code.
Screenshot
https://snipboard.io/j3XnxW.jpg
Are you sure that your hosting uses an Apache web server? Only with this would .htaccess files be interpreted – provided support is activated.
If you are using an nginx, completely different configurations would have to be integrated into it to achieve your goal.
If you don’t know, your hoster’s support team will be able to help you.
it’s an apache web server
And is the use of .htaccess files activated in this? You can check this by inserting a typo in the file. This should result in a server-side error. If not, the file will be ignored and not used.
