WordPress feed redirection and hotlink protection

If you’re running WordPress on your site and would like to track your RSS feed subscription numbers, I’m sure there are quite a few ways to go about it. You can even do things like adding an html page in between your feed link and your feed and linking them with a meta refresh and then tracking those clicks in Google Analytics. More on that can be found here but in my case, I decided I’d be content decided to use Feedburner to do my RSS tracking, so I decided to read up on the best ways to redirect my built-in WordPress feeds to Feedburner. If you go by what Feedburner Help says, they would have you install a WordPress plugin to do the job for you. While this may work fine for most people and maybe some people would rather not deal with anything technical, I wasn’t really content with this. After all, why install another plugin when you don’t really need it? The best way to redirect your main site feed and your content feed would be to add something like this in your .htaccess file, making sure to edit it to reflect the appropriate values.


#BEGIN Feed redirect

RewriteEngine on
RewriteCond %{REQUEST_URI} ^/?(feed.*|rss.*|comments.*) [NC]
RewriteCond %{HTTP_USER_AGENT} !^.*(FeedBurner|FeedValidator) [NC]
RewriteRule ^feed/?.*$ http://feeds.feedburner.com/sitefeedpath [L,NC,R=302]
RewriteRule ^comments/?.*$ http://feeds.feedburner.com/commentsfeedpath [L,NC,R=302]

#END Feed redirect


If you’d like to read more about how things work and see some more examples for practical use of this sort of redirect, you can go to Jeff Star’s excellent post over at Perishable Press.

Another issue to worry about when running a site is the issue of hotlinking. Essentially what this means is that someone cal steal your bandwidth by linking to your files directly instead of hosting them on their own server space. There are people out there who do this intentionally and will strip images from RSS feeds or browse the internet looking to steal images links from sites. In order to prevent this sort of thing, there are more things we can do in our .htaccess file. As written in detail at altlab, to prevent hotlinking and replace the intended linked image with a different image, you could do something like this:


RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L]


If you want to block specific sites from requesting the images, then something like this can be used:


RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?myspace\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blogspot\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.+\.)?livejournal\.com/ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L]


You’d need to create an image in your /images directory called nohotlink.jpe (or edit the code to use a different file name) and any time one of the coded file types is requested for your domain from an external source, your custom image would display instead. You could create a simple warning image here, or get creative. An alternative to this would be just to simply return a 403 error instead of an image:


RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]


If you’d like to check whether your site is vulnerable to hotlinking, you can check over at altlab.