Simple hotlink protection for individual files in the media library.
Hotlink File Prevention (HFP) offers simple hotlink protection that can be turned on/off for individual files in the WordPress media library.
“Hotlinking” is when a file, such as an image or PDF, is linked to from another website or entered manually in a web browser’s location bar. HFP only allows your file to be viewed on your website.
Hotlink protection is provided via .htaccess
rules in the wp-content/uploads
directory.
Once the HFP plugin is activated, you will have two new features in the media library:
Any asset that is checked will have “Yes” displayed in the “Hotlink Prevention” column; otherwise, this column will be blank.
When you use the “Open in new tab” option for links, WordPress adds rel="noreferrer"
, which effectively makes the link act like direct access, and the link will be blocked for files protected using HFP.
For more installation options and instructions, see “Installing Plugins” on WordPress.org.
HFP creates an Apache .htaccess
file in the wp-content/uploads
directory. It sets a HTTP_REFERER check and RewriteRule for each file that has hotlink protection applied. Toggling hotlink protection on/off dynamically adds/removes RewriteRule statements.
Yes, it works with any file that you upload to the media library.
Here’s the deal: This plugin makes it harder for people to hotlink to your files, but if they are highly technical, they will be able to do things like fake the HTTP referrer.
The server must process rewrite rules in .htaccess
. So HFP will work on Apache and LightSpeed servers, but not NGINX.