How to protect a WordPress blog from hotlinking – protect bandwidth – tips and plugins

1) Speed up your blog and protect your bandwidth limit using the WP Super Cache plugin
Not all of the blog will be static, though: some users of the site will get the pages dynamically, and static pages will be shown only to users who:
2. Users who have never left a comment on the blog.
3. Users who have not seen posts protected by password.
The good news is that probably 99% of visitors do none of the things mentioned above, so they will see the cached pages on your server. This plugin is very useful, for example, when our blogs are listed on sites such as digg.com or meneame.net, which lead thousands of visitors to our sites, and it helps avoid a downed server.
This plugin is based on the older WP-Cache, which was created by Ricardo Galli some time ago, so if you are using WP-Cache you can easily migrate to WP Super Cache.
2) Protect bandwidth from hotlinking – protect images and bandwidth and CPU resources
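To prevent hotlinking from only a few specific domains, such as digg.com, myspace.com and blogspot.com, but allow it from any other, you list those domains in RewriteCond lines in your .htaccess file. The code below is the general form: it lets through requests with no referrer or with your own site as referrer, and applies the rule to everything else.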
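RewriteEngine on
# Skip requests with an empty Referer (direct visits, clients that strip the header)
RewriteCond %{HTTP_REFERER} !^$
# Skip requests referred by your own site
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite\.com/.*$ [NC]
# Answer every other image request with 403 Forbidden
RewriteRule \.(gif|jpg)$ - [F]
# Alternative: redirect to a replacement image instead (use one rule, not both).
# Keep that image outside the pattern, or it will be redirected to itself.
#RewriteRule \.(gif|jpg)$ http://www.yoursite.com/stealingisbad.gif [R,L]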
You can add as many domains as you like. Each RewriteCond line must end with [NC,OR]. [NC] (No Case) means the differences between uppercase and lowercase are ignored. [OR] (“Or Next”) means matching goes on to the next line to look for matches. The last domain omits OR, to stop looking for further matches.
The first line turns on the rewrite engine in Apache.
The second line verifies the match against your own page (mipagina.com).
The code [NC] means “No Case”, so it does not matter whether the address is in lowercase or uppercase.
The third line allows direct references (typing the link into the address bar, with no referring page).
Finally, the last line applies to files with the extensions jpeg, jpg, gif, bmp and png. These are replaced by the image nohotlink.jpg, which is in the images folder. That image uses the JPEG extension jpe rather than jpg, so that it is not blocked as well.
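The per-domain form described above, with one RewriteCond per blocked site chained by [OR], as an added example that is not part of the original post. The three domains are the ones the article names; the exact patterns (subdomains, optional port, http or https) and the /images/nohotlink.jpe path are assumptions.

```apache
RewriteEngine On

# Block image requests only when the Referer is one of the listed sites.
# ([^/]+\.)? also covers subdomains such as someblog.blogspot.com.
# (:[0-9]+)?(/|$) ends the host name, so digg.com.example.org is not matched.
# Every condition except the last carries OR; NC ignores letter case.
RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?digg\.com(:[0-9]+)?(/|$) [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?myspace\.com(:[0-9]+)?(/|$) [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?blogspot\.com(:[0-9]+)?(/|$) [NC]

# Refuse the request with 403 Forbidden.
RewriteRule \.(jpe?g|gif|bmp|png)$ - [F,NC]

# Alternative (assumed path): answer with a replacement image instead of 403.
# This is an internal rewrite, and the .jpe extension is not matched by the
# pattern above, so the replacement image is never blocked or rewritten itself.
#RewriteRule \.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L,NC]
```

Requests from any referrer not listed, and requests with no Referer at all, are served normally.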
3) Prevent hotlinking using wordpress plugin
The Hotlinking Protection plugin is the best plugin for avoiding the well-known and very annoying technique of hotlinking, which is the theft of bandwidth by using your images on other sites, usually blogs or forums.
The biggest damage is not that the image is used elsewhere, but that, because it is not uploaded to their own host, they are using our hosting resources, which in the long run can cause overload problems and leave us without bandwidth for the rest of the month.
If you use WordPress this will not be a problem, because there is a hotlinking protection plugin, created by Lim Dul, that blocks hotlinked images and shows an image in their place: a default one, or one that we can configure.
Installation:
1. Download the Hotlink Protection Plugin for WordPress
2. Unzip the file
3. Upload everything by FTP to the /wp-content/plugins/ folder
4. Activate it from the admin menu
5. Go to Options >> Hotlinking Protection to configure the plugin.
Setup is simple: by default the wp-content/uploads folder is protected, and you can add any others you need.
I have just installed this plugin because something is happening on my hosting; I cannot believe so many resources are being spent. We will see how it goes.
4) Protect bandwidth from bad HTTP requests:
There are several ways to fight spam. Some are based on prevention: for example, requiring anyone who leaves a comment to enter a code or a word displayed in a picture, or even to do a simple sum (this blog uses that, along with the plugin discussed today).
However, all these techniques are more or less defeated by those behind the spam, who keep improving their programs until they can enter the codes, the words or even the sums…
So somebody had the idea that the best way to avoid spam was not to let the bots onto our site at all: cut the problem off at the source.
This is the approach taken by Bad Behavior (a name that means just what it says: “bad behavior” or “misconduct”). To tell normal users, search engines and spiders apart from spam bots, it analyzes the behavior of each visitor and compares it with that of a spam bot and of an ordinary user. It bans from our blog those who, for example, do not make HTTP requests the way a normal user does, do not obey the directives in the “robots.txt” file (if you have created one), or whose User-Agent contains words or expressions regularly used by known spammers.
It is available as a plugin for WordPress and also for other CMSs such as Lifetype, MediaWiki and Joomla.
This way we deny the vast majority of spam bots the opportunity to probe our forms and/or email addresses. And we can always supplement it with other protection so that our database does not fill up with spam.
“Bad Behavior manages to block nearly all link spam without ever looking at the spam. While it might be useful to do so, for performance reasons, Bad Behavior does not analyze received spam. I’ve found that this way lies madness; spammers are constantly buying new domain names, so it’s possible to miss a lot of spam by looking at it.
Instead, Bad Behavior pioneered an HTTP fingerprinting approach. Instead of looking at the spam, we look at the spammer. Bad Behavior analyzes the HTTP headers, IP address, and other metadata regarding the request to determine if it is spammy or malicious. This approach has proved, as one user said, “shockingly effective.” After all, spammers write their bots on the cheap, and have little incentive to code very well. If they could code very well, they probably wouldn’t be spammers.”
Bad Behavior analyzes the delivery method as well as the software the spammer is using. In this way, Bad Behavior can stop spam attacks even when nobody has ever seen the particular spam before.
Download Bad Behavior wordpress plugin to protect bandwidth
5) Protect images directory from direct access
In the folder where your images are (theme/images, wp-content/images or anywhere else) you can put an index.php file with this code:
<?php
// Change to the URL you want to redirect to
$URL = "http://www.yoursite.com";
header("Location: $URL");
exit; // stop here so nothing else is sent after the redirect
?>
Create an .htaccess file in the images directory with this code:
# Mark requests whose Referer is your own site, with or without www
SetEnvIfNoCase Referer "^http://www\.yoursite\.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://www\.yoursite\.com$" locally_linked=1
SetEnvIfNoCase Referer "^http://yoursite\.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://yoursite\.com$" locally_linked=1
# Mark requests that carry no Referer at all
SetEnvIfNoCase Referer "^$" locally_linked=1
# Serve these file types only to marked requests
<FilesMatch "\.(css|gif|png|jpe?g)$">
Order Allow,Deny
Allow from env=locally_linked
</FilesMatch>
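The same rule set for Apache 2.4, where Require replaces the Order/Allow directives, as an added example that is not part of the original post. It assumes mod_setenvif and mod_authz_core are loaded and that .htaccess overrides for them are allowed; yoursite.com is the article's placeholder, and the https variant is an assumption.

```apache
# Mark requests whose Referer is this site: http or https, with or without www.
# Dots are escaped so they match literally, and (/|$) ends the host name,
# so a referrer such as yoursite.com.example.org is not accepted.
SetEnvIfNoCase Referer "^https?://(www\.)?yoursite\.com(/|$)" locally_linked=1

# Mark requests that carry no Referer (typed URLs, bookmarks, clients or
# proxies that strip the header). With this line in place, direct requests
# for the files are still served; the rules only stop embedding from other
# sites that send a Referer.
SetEnvIfNoCase Referer "^$" locally_linked=1

<FilesMatch "\.(css|gif|png|jpe?g)$">
    # Apache 2.4 form of "Order Allow,Deny" plus "Allow from env=locally_linked"
    Require env locally_linked
</FilesMatch>
```

The Referer header is supplied by the client, so these rules save bandwidth rather than control access; files that must stay private need authentication.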
Now you have protected your site 100% from bandwidth theft! Any suggestions?




This is a wonderful article, probably the best one! Not many have explained, with tips, the security and plugins to use. The other one similar to this, but more on security, is:
http://www.itoneworldsystem.com/blog/2009/01/12/how-to-protect-your-blog-from-the-hacker/