Moved WP from Root to Sub Directory and Now Prevent Hotlinks Not Working

Hi Joe, you might like to try the following plugin Velvet Blues Update URLs. I have used this plugin in the past when I have moved some sites from one directory to another directory.

You might also find the following documentation helpful.

Let me know if you need more help.

Kind regards

Hey mbrsolution,

I have already tried Velvet Blues and even Search and Replace plugin updating all my MySQL database values.

My database reflects the new URL. I have tried to follow the bits and pieces of the WordPress guide. I am not too fond of following it entirely because for example, I don’t want to copy and move my .htaccess file and index.php to root otherwise my site will be visible both on https://www.mydomainname.com and https://www.mydomainname.com/test.

In the past, I transitioned from http to https and that’s when I used Velvet Blues to update my URLs accordingly. However, the errors I received at that time didn’t have anything to do with 403 forbidden errors.

All my other plugins work fine without any errors. It’s just when I specifically activate hotlinks, a pandemonium strikes. More relevantly, those errors are precisely 403 related and they even show my new home URL address as https://www.mydomainname.com/test. That’s how I knew it’s a firewall/security problem rather than a MySQL database old URL mishap.

Anyways, I know this may be a very distinct issue and you may not have the solution I am looking for.

Thanks for those tips anyways. If you can happen to miraculously find a remedy, then hats off. Otherwise, I think I can live without hotlinks for now until I find something eye opening!

All my best,

Joe

Okay I understand what you mean.

Try the following if you haven’t already. Deactivate and delete this plugin. Then install a fresh copy and don’t allow the previous settings. Then test the feature that is causing you issues.

Let me know what happens.

Regards

Hey mbrsolution,

Thanks for the advice.

Although this will be a little time-intensive (having to save my blacklist of IP addresses, documenting the settings I changed, etc.), I think it’s worth a shot.

Take care my friend and thanks for still trying to help out! It means a lot!

All my best,

Joe

Hey mbrsolution,

No luck. I tried following your instructions and the error messages don’t go away. I know for a fact this problem definitely has a relationship with the prevent hotlinking option. As soon as I deactivate prevent hotlinking, those messages disappear instantly upon a browser refresh.

If you have time, I know you guys are constantly swamped with requests, please look into the syntax inserted in the .htaccess file when this option is enabled.

If you need me to insert this syntax let me know.

Thanks again for all you do to keep this community happy!

All my best,
Joe

Hi @rebornhairppp, just to let you know that I have 3 different sites set up exactly as you describe and I have no issue with Prevent Hotlinks.

This is probably more related to a specific setting or configuration in your site and or server.

Make sure your .htaccess file is set up correctly. You might have to speak to your host about this issue.

Kind regards.

Hi mbrsolution,

Thanks for letting me know.

My hosting provider doesn’t have access to my VPS. It’s self managed by me and me only as I have a dedicated IP.

Do any of your 3 sites have a subfolder set up similar to my domain name? I will look into my .htaccess file. I don’t think there’s anything wrong with the set up though.

Again, hotlinks was working flawlessly prior to the conversion. It’s working on my other domain name and the WordPress contents are in the root folder not under a subfolder.

If we can’t find a solution, don’t sweat it. Luckily I can live with it since the domain name in question is only used as a testing site.

Take care and God bless!

All my best,

Joe

Hi Joe, no problem but since you have this issue in your testing site I would like to know if there is a solution or not.

Do any of your 3 sites have a subfolder set up similar to my domain name?

My Spanish site runs in an /es/ folder independently from my the main site. I have also set up a few other sites in this manner in different servers. The reason why I do this is because it makes the site more secure and keeps the root folder cleaner and more organize.

I am curious to know as well ??

God bless you too.

Kind regards

Hey mbrsolution,

Now I am really curious to know why this is happening specifically to my set up. I am puzzled.

I will try to continue performing trial and error testing and report any updates if I find any.

Thanks for the kind blessings! ??

All my best,

Joe

Hey mbrsolution,

I found a relevant post regarding the hotlink issue I am facing: https://really-simple-ssl.com/knowledge-base/403-errors-images-ssl-activated/. The author points out when 403 errors exist on images, in most cases, the hot link protection is enabled. By adding the https domain to the settings in the server this issue was solved.

I don’t know what he means by the last statement.

The same author also points out his hot link argument on this post as well to Arturo Lores, who stated his images and CSS weren’t showing when using https://: https://really-simple-ssl.com/forums/topic/problem-with-subfolders/

This makes me think there might be a bug in the hot link setup.

Anyways, I checked the htaccess file with hot links enabled and here’s the code:

#AIOWPS_PREVENT_IMAGE_HOTLINKS_START
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?\.resurrectedhair\.net [NC]
RewriteRule \.(gif|jpe?g?|png)$ – [F,NC,L]
</IfModule>
#AIOWPS_PREVENT_IMAGE_HOTLINKS_END

If you notice the second to the last line, my domain name, resurrectedhair.net, doesn’t show the subfolder /test.

Could this be why hotlinks was causing the 403 image errors?

Also, am I supposed to have a copy of the .htaccess file one folder up from the subfolder test? How do you have your subfolders and htaccess files laid out for your three sites?

Thanks again for taking the time to investigate this problem!

All my best,

Joe

Hi, here is a copy of my .htaccess file entry for this feature enabled in one of my test sites.

#AIOWPS_PREVENT_IMAGE_HOTLINKS_START
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://mbrsolutionhost\.com/wptest [NC]
RewriteRule \.(gif|jpe?g?|png)$ – [F,NC,L]
</IfModule>
#AIOWPS_PREVENT_IMAGE_HOTLINKS_END

The only difference that I can see between your entry and my entry is the following path.

Your site entry

RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?\.resurrectedhair\.net [NC]

My site entry

RewriteCond %{HTTP_REFERER} !^http(s)?://mbrsolutionhost\.com/wptest [NC]

Let me know if the above helps you.

Kind regards

Hey mbrsolution,

Your solution kinda of helped. However, since I have a redirect to www and after reading stackoverflow, I might need to modify the following code:

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?resurrectedhair\.net/test [NC]

When I inserted this code and saved htaccess file, ALL of my 403 forbidden errors at least for my updraftplus backup plugin went away. I am not sure as a result of the www redirect if anything else needs to be changed in the htaccess file.

The strange thing is some plugins like Cloudflare and Askimet Anti-spam still have errors specific to .png. As a result, the images look distorted or unviewable even after I empty the cache, do a hard reload, and refresh the page.

Are you sure the following code is correct:
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
RewriteRule \.(gif|jpe?g?|png)$ – [F,NC,L]

Per stackoverflow: https://stackoverflow.com/questions/30782956/htaccess-hotlink-protection-add-image-exception, the recommend answer by Mike Rockett is having this type of syntax without the jpe?g?: RewriteRule \.(jpg|jpeg|png|gif)$.

I am sure your code is correct just trying to find other possible explanations.

Thanks again!

Hi, thank you for providing the extra information. That will definitely help further troubleshoot this issue.

I am going to get one of the developers to investigate further this issue. I am sure they will know what is going on.

Kind regards

Hey mbrsolution.

You’re an absolute charm and the best!

Thank you man. Again, this is low priority because I can live without the hotlinks on my testing site, but I know it’s all about refining your plugin for better future use.