Plesk

How to prevent hotlinking graphics from the domain?

Question

How to prevent hotlinking graphics from the domain?

Answer

Bandwidth theft, or "hotlinking", is direct linking to a website's files (images, video, etc.) from another site.

For WordPress domains:

If the domain that needs hotlink protection is a WordPress domain, it can be secured in WP Toolkit, starting from version 3.5.0.

  1. Log in to Plesk;

  2. Go to WordPress > example.com > Security status - View and select the Hotlink Protection checkbox in the window that opens.

For Plesk on Windows

Enable Hotlink Protection in Domains > example.com > Hotlink Protection. Refer to the Documentation on how to configure protection settings.

For Plesk on Linux

Hotlink protection is yet to be implemented in Plesk for Linux. Take part in our product improvement by voting for this feature on the Plesk Uservoice portal.

As a workaround, hotlinking can be prevented with the Apache module mod_rewrite:

  1. Log in to Plesk;

  2. Browse to Home > Domains > example.com > Apache & nginx Settings;

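  3. Add the following rewrite rules to the Additional directives for HTTP and Additional directives for HTTPS fields:

    Note: In Additional directives for HTTPS, the http:// scheme in the second RewriteCond must be changed to https://.

    RewriteEngine on
    # Allow requests that send no Referer header
    RewriteCond %{HTTP_REFERER} !^$
    # Allow requests referred from the site itself
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com(/)?.*$ [NC]
    # Otherwise answer 403 Forbidden for image and Flash files
    RewriteRule \.(gif|jpg|jpeg|png|swf)$ - [NC,F]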
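
The following Python sketch is an added example, not part of the Plesk article: it models the two rewrite conditions above with Python's re module (an approximation of Apache's regex matching) and evaluates them on constructed Referer values. STRICT_COND is an assumed tighter pattern, not from the article, that accepts both schemes and ends the host name at "/" or at the end of the value.

```python
import re

# RewriteCond patterns from the directives above; [NC] maps to re.IGNORECASE.
PAGE_COND = re.compile(r"^http://(www\.)?example\.com(/)?.*$", re.I)
# Assumption (not from the article): accept http or https, and require the
# host name to end at "/" or at the end of the Referer value.
STRICT_COND = re.compile(r"^https?://(www\.)?example\.com(/|$)", re.I)
# RewriteRule pattern: only these file extensions are protected.
RULE = re.compile(r"\.(gif|jpg|jpeg|png|swf)$", re.I)


def blocked(path, referer, cond=PAGE_COND):
    """Return True when the rule set would answer 403 Forbidden ([F])."""
    if not RULE.search(path):
        return False  # not a protected file type, rule never fires
    if referer == "":
        return False  # first RewriteCond (!^$): empty Referer is let through
    return cond.search(referer) is None  # second RewriteCond: !pattern


# Constructed sample requests: (path, Referer header value).
SAMPLES = [
    ("/img/logo.png", ""),
    ("/img/logo.png", "http://www.example.com/gallery"),
    ("/img/logo.png", "https://example.com/gallery"),
    ("/img/logo.png", "http://other.test/page"),
    ("/img/logo.png", "http://example.com.other.test/page"),
    ("/index.html", "http://other.test/page"),
]


def compare(samples=SAMPLES):
    """Return (path, referer, blocked_by_page_rule, blocked_by_strict_rule)."""
    return [(p, r, blocked(p, r), blocked(p, r, STRICT_COND)) for p, r in samples]


if __name__ == "__main__":
    for path, referer, page, strict in compare():
        print(f"{path:14} {referer or '(none)':38} page={page!s:5} strict={strict}")
```

The third row shows why the HTTPS copy of the directives needs https:// in the condition: the site's own HTTPS pages are refused by the HTTP pattern. The fifth row shows that the trailing `(/)?.*` accepts any Referer that merely begins with the site's name, which the stricter pattern rejects.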

If nginx support is enabled on the server, verify that the Serve static files directly by nginx option is disabled on the Home > Domains > example.com > Apache & nginx Settings page.

Then, add the following directives to the Additional nginx directives field:

    location ~ ^/(.*\.(jpe?g|png|gif))$ {
        # Accept requests with no Referer, a stripped Referer, or one from this site
        valid_referers none blocked example.com *.example.com;
        if ($invalid_referer) {
            return 403;
        }
    }