Use .htaccess to stop hotlinking & spam comments

Use .htaccess to stop hotlinking & spam comments

When running a website or blog, you have to take care of certain issues such as hotlinking and requests without a referrer. You can use .htaccess file to define certain rules to protect and manage your website. If your website does not have a .htaccess file, create a new text file and name it as .htaccess without any other extension.

Stop hotlinking using .htaccess

Hotlinking happens when another website uses uses your images, videos or other files directly from your server. Why is it bad? It puts unnecessary strain on your server. Its resources are being used for the benefit of another person while leaving your own visitors waiting for files to load.

# HOTLINK PROTECTION

 RewriteCond %{HTTP_REFERER} !^$
 RewriteCond %{REQUEST_FILENAME} -f
 RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
 RewriteCond %{REQUEST_FILENAME} !/hotlink\-(01|02).gif$ [NC]
 RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?perishablepress\. [NC]
 # RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
 RewriteRule \.(gif|jpe?g?|png)$ http://perishablepress.com/wordpress/hotlink-02.gif [R,NC,L]

Prevent spam comments

Spammers send automated comments using bots. These requests do not have a referrer. All request for online content originating from Web browsers have a referrer data identifying the user agent such as Mozilla Firefox and Google Chrome. If a request to post comment comes without referrer data, it is a spam comment. You are better off by turning down such requests. The following code will refuse spam comments in WordPress.

# DENY ACCESS TO NO-REFERRER REQUESTS

 RewriteCond %{REQUEST_METHOD} POST
 RewriteCond %{REQUEST_URI} .wp-comments-post\.
 RewriteCond %{HTTP_REFERER} !.*perishablepress\. [OR,NC]
 RewriteCond %{HTTP_USER_AGENT} ^$
 RewriteRule .* - [F,L]

3 Replies to “Use .htaccess to stop hotlinking & spam comments”

  1. Hello..
    Is there a limit for 301 redirection in htaccess file? I have a website with 400 static html pages (my html file names are not good) and I would like to rename my html file names according to the keywords
    Can I use a single .htaccess file ?

    Thank you

    1. You can add as many 301 redirection rules. You can have only one .htaccess file in one folder. All the rules will go in there—bet it 1 or 1000.

  2. I was looking at your article and I was going to add this to my .htaccess file in BP security, but I’m not sure if it’s already there. I looked through the root htaccess file (even though I have NO clue what I’m looking at) and found the code below. Is it the same kind of thing? And if it’s not, where do I put the code that you listed above?

    # BLOCK HOTLINKING TO IMAGES
    #RewriteEngine On
    #RewriteCond %{HTTP_REFERER} !^https?://(www\.)?add-your-domain-here\.com [NC]
    #RewriteCond %{HTTP_REFERER} !^$
    #RewriteRule .*\.(jpeg|jpg|gif|bmp|png)$ – [F]

    # FORBID COMMENT SPAMMERS ACCESS TO YOUR wp-comments-post.php FILE
    # This is a better approach to blocking Comment Spammers so that you do not
    # accidentally block good traffic to your website. You can add additional
    # Comment Spammer IP addresses on a case by case basis below.

Comments are closed.