Title: Hotlink File Prevention Author: swinggraphics Published: 25. aug 2014 Last modified: 15. apr 2024 --- Search plugins This plugin **hasn’t been tested with the latest 3 major releases of WordPress**. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. ![](https://ps.w.org/hotlink-file-prevention/assets/icon.svg?rev=2439255) # Hotlink File Prevention By [swinggraphics](https://profiles.wordpress.org/swinggraphics/) [Download](https://downloads.wordpress.org/plugin/hotlink-file-prevention.2.0.0.zip) * [Details](https://et.wordpress.org/plugins/hotlink-file-prevention/#description) * [Reviews](https://et.wordpress.org/plugins/hotlink-file-prevention/#reviews) * [Installation](https://et.wordpress.org/plugins/hotlink-file-prevention/#installation) * [Development](https://et.wordpress.org/plugins/hotlink-file-prevention/#developers) [Support](https://wordpress.org/support/plugin/hotlink-file-prevention/) ## Description Hotlink File Prevention (HFP) offers simple hotlink protection that can be turned on/off for individual files in the WordPress media library. “Hotlinking” is when a file, such as an image or PDF, is linked to from another website or entered manually in a web browser’s location bar. HFP only allows your file to be viewed on your website. Hotlink protection is provided via `.htaccess` rules in the `wp-content/uploads` directory. ### Basic Usage Once the HFP plugin is activated, you will have two new features in the media library: 1. Within the Screen Options tab (list view only), check box for the “Hotlink Prevention” column. 2. To protect a file, edit the file and scroll down to the checkbox labelled “Hotlink Protection”. Any asset that is checked will have “Yes” displayed in the “Hotlink Prevention” column; otherwise, this column will be blank. #### Note about “Open in new tab” option When you use the “Open in new tab” option for links, WordPress adds `rel="noreferrer"`, which effectively makes the link act like direct access, and the link will be blocked for files protected using HFP. ## Screenshots * [[ * Checkbox in the file edit dialog ## Installation 1. Go to “Plugins > Add New” in the WordPress admin area. 2. Search for “Hotlink File Prevention”. 3. Install, then Activate the plugin. For more installation options and instructions, see [“Installing Plugins” on WordPress.org](https://wordpress.org/support/article/managing-plugins/#installing-plugins). ## FAQ ### How does HFP work? HFP creates an Apache `.htaccess` file in the `wp-content/uploads` directory. It sets a HTTP_REFERER check and RewriteRule for each file that has hotlink protection applied. Toggling hotlink protection on/off dynamically adds/removes RewriteRule statements. ### Can it be used with any type of media file? Yes, it works with any file that you upload to the media library. ### Are my files absolutely safe using this plugin? Here’s the deal: This plugin makes it harder for people to hotlink to your files, but if they are highly technical, they will be able to do things like fake the HTTP referrer. ### Does it with with web servers other than Apache? The server must process rewrite rules in `.htaccess`. So HFP will work on Apache and LightSpeed servers, but not NGINX. ## Reviews ![](https://secure.gravatar.com/avatar/fe0b0ad4b7bd718bd1988753daba5195fd8c2a41ac1cafaddb66f1337d51ff7f? s=60&d=retro&r=g) ### 󠀁[Works Great! (read review below for exceptions)](https://wordpress.org/support/topic/works-great-read-review-below-for-exceptions/)󠁿 [Rick Cheney](https://profiles.wordpress.org/rcstp/) 20. nov. 2024 THANK YOU for making this plugin. It works great EXCEPT your media library filenames cannot have hyphens in the filenames. Maybe they can have one or two hyphens, I don’t know because I didn’t test it but I found with four hyphens in the filename it didn’t work. ![](https://secure.gravatar.com/avatar/ab9f741cde101cd8e4551471019f2f28c3266b15a94772642c2f67bc4ad1519e? s=60&d=retro&r=g) ### 󠀁[Not working](https://wordpress.org/support/topic/not-working-4240/)󠁿 [twentytwelveuser](https://profiles.wordpress.org/twentytwelveuser/) 2. juuni 2024 The plugin is activated, but other site still shows pictures from my site. RewriteRule 2017/03/Unity-Terrain03.png – [NC,L,F] Still there is no effect Added: The problem was in hosting settings – they disabled htaccess and used nginx. So I have to enable manual mode to turn on htaccess: Connect to the site with SSH Edit the config file for your site (example: ~/etc/httpd/php80/site-address.conf): AllowOverride All 3. Use the plugin ![](https://secure.gravatar.com/avatar/8f5b79f7e49e7576a837032adaa7842c559d8ce3983c22b9c56b0092cacf096f? s=60&d=retro&r=g) ### 󠀁[Perfect Solution](https://wordpress.org/support/topic/perfect-solution-272/)󠁿 [Mike Oliver](https://profiles.wordpress.org/zephyrmike/) 29. mai 2024 I had an image on one of my website demos linking to over 100k sites, this plugin worked perfectly to block it. ![](https://secure.gravatar.com/avatar/be3af852e708559072ff3efe13bb96c803be1258642e086fe65d842ac0d6697d? s=60&d=retro&r=g) ### 󠀁[Very good](https://wordpress.org/support/topic/very-good-6192/)󠁿 [trinhthidien](https://profiles.wordpress.org/trinhthidien/) 22. jaan 2022 Very good ![](https://secure.gravatar.com/avatar/e5fedd193d655ab5e41d12c10eff5b87b052889d8df3e71aa2499db964cfe63d? s=60&d=retro&r=g) ### 󠀁[Exactly what I was looking for!](https://wordpress.org/support/topic/exactly-what-i-was-looking-for-514/)󠁿 [Wolfgang Hanus](https://profiles.wordpress.org/whanus/) 8. sept 2021 After hours and hours of searching I finally found this plugin. It works great! I would like to see a feature that allows you to protect multiple media files at once. So that you don’t have to click on each file individually. Many thanks to the developers! ![](https://secure.gravatar.com/avatar/5cebc1389489729243feb63f63a88018fc3096db3946f7efd4c3b080e9a57c2a? s=60&d=retro&r=g) ### 󠀁[the best](https://wordpress.org/support/topic/the-best-2090/)󠁿 [user098242734](https://profiles.wordpress.org/user098242734/) 18. juuni 2021 works perfect thanks! [ Read all 7 reviews ](https://wordpress.org/support/plugin/hotlink-file-prevention/reviews/) ## Contributors & Developers “Hotlink File Prevention” is open source software. The following people have contributed to this plugin. Contributors * [ swinggraphics ](https://profiles.wordpress.org/swinggraphics/) * [ electricmill ](https://profiles.wordpress.org/electricmill/) [Translate “Hotlink File Prevention” into your language.](https://translate.wordpress.org/projects/wp-plugins/hotlink-file-prevention) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/hotlink-file-prevention/), check out the [SVN repository](https://plugins.svn.wordpress.org/hotlink-file-prevention/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/hotlink-file-prevention/) by [RSS](https://plugins.trac.wordpress.org/log/hotlink-file-prevention/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 2.0.0 * Track protected files in wp_options table instead of individual post meta * Fixed htaccess rules to work with multiple protected files * Use insert_with_markers() to handle writing to htaccess * Added CSS for media library table column * Added uninstall hook #### 1.1.0 * Modernized the code, and got it working again! * Updated README * Changed some strings, and made them translation-ready * Moved Hotlink Protection column before Date * Added deactivation hook to remove htaccess file #### 1.0.1 * commented out error reporting * now uses just filename (followed by full path and name) in .htaccess; previously this was full path and location alone. Version 1.0.0 users should delete .htaccess from /uploads directory and rebuild file by clicking “update” on any file in Media Library that has “Yes” for Hotlink File Prevention. #### 1.0.0 * Development version and Alpha release. ## Meta * Version **2.0.0** * Last updated **2 aastat ago** * Active installations **700+** * WordPress version ** 4.6 or higher ** * Tested up to **6.5.8** * PHP version ** 5.6 or higher ** * Language * [English (US)](https://wordpress.org/plugins/hotlink-file-prevention/) * Tags * [admin](https://et.wordpress.org/plugins/tags/admin/)[attachments](https://et.wordpress.org/plugins/tags/attachments/) [files](https://et.wordpress.org/plugins/tags/files/)[hotlink](https://et.wordpress.org/plugins/tags/hotlink/) [images](https://et.wordpress.org/plugins/tags/images/) * [Advanced View](https://et.wordpress.org/plugins/hotlink-file-prevention/advanced/) ## Ratings 4.9 out of 5 stars. * [ 6 5-star reviews ](https://wordpress.org/support/plugin/hotlink-file-prevention/reviews/?filter=5) * [ 1 4-star review ](https://wordpress.org/support/plugin/hotlink-file-prevention/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/hotlink-file-prevention/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/hotlink-file-prevention/reviews/?filter=2) * [ 0 1-star reviews ](https://wordpress.org/support/plugin/hotlink-file-prevention/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/hotlink-file-prevention/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/hotlink-file-prevention/reviews/) ## Contributors * [ swinggraphics ](https://profiles.wordpress.org/swinggraphics/) * [ electricmill ](https://profiles.wordpress.org/electricmill/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/hotlink-file-prevention/)