Support » Plugin: SAR One Click Security » SAR rules conflicting with hotlink protection rules

  • Hi,
    I have come across this scenario, where the rules generated by SAR override the hotlink protection rules. There is ‘.htacess’ file in my wordpress root directory. it has got hotlink protection rules as below:

    ## Hotlink Protection
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://example.com/.*$	   [NC]
    RewriteCond %{HTTP_REFERER} !^http://example.com$	[NC]
    RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$      [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.example.com$      [NC]
    RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

    SAR security updates its rules in the same file.

    Now apart from this SAR security also generates a .htaccess files inside ‘wp-content’ folder with the rules as below:

    # BEGIN SAR One Click Security
    <FilesMatch "\.(php|php3|php5|php4|phtml)$">
    order allow,deny
    deny from all
    </FilesMatch>
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^(themes|plugins)/(.*)/(.*)\.txt$ - [F]
    </IfModule>
    # END SAR One Click Security

    Now when this ‘.htacess’ present is present ‘wp-content’, the hotlink protection just won’t work, but as soon as I rename/remove this file, hotlink protection starts to work.

    https://wordpress.org/plugins/sar-one-click-security/

  • The topic ‘SAR rules conflicting with hotlink protection rules’ is closed to new replies.