Hello all,
I wanted to share something that I think would be useful for pretty much everyone on this forum and also to ask if I've got this right? Using the .htaccess file (please note sometimes your computer or your FTP client hides these by default in which case you'll need to enable your CPU or FTP to view these file types). Using .htaccess you can help protect your wordpress site from malicious splog / spam / hotlinking from robots. The code I have got is from a brilliant article describing how to protect your blog (more info here: http://www.catswhocode.com/blog/10-awesome-htaccess-hacks-for-wordpress). I thought if anyone else agrees this would be useful for everyone and perhaps even worth putting where people can see this given it helps to protect your blog from Spam bots, Splog registrations and image hotlinking. Not bad for a few lines of code to save you a lot of hassle!
I also need help as I think it's nearly there but when I test my images for hotlinking, they appear not to be protected, so can a guru please step forward and point out what I need to modify. Obviously in the following code I've subbed my domain with "enteryourdomainhere"
Here's my code:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# BEGIN ANTISPAMBLOG REGISTRATION
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-signup\.php*
RewriteCond %{HTTP_REFERER} !.*enteryourdomainhere.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://get-the-heck-out.com/ [R=301,L]
# END ANTISPAMBLOG REGISTRATION
# BLOCK COMMENT SPAM BY DENYING ACCESS TO NO-REFERRER REQUESTS
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*enteryourdomainhere.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^(.*)$ ^http://funnyjunk.com/$ [R=301,L]
# PROTECT BLOG FROM HOTLINKING
RewriteEngine On
#Replace ?mysite\.com/ with your blog url
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?enteryourdomainhere\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
#Replace /images/nohotlink.jpg with your "don't hotlink" image url
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
# END WordPressAny thoughts on what I need to modify to get the hotlinking protection up and running? My site is installed in a sub directory in my web root files (as another protection feature). For example, instead of directly putting my install in the root directory, I created a unniquely named folder > installed wordpress and moved index.php and .htaccess up to the root. Might this be causing the isssue?
DO NOT USE THIS CODE ON YOUR WEBSITE until we have verified it works (hopefully a guru will reply and confirm, I'm happy to test the new code for hotlink protection and then people can choose to use this if they want.