Hi, my name is
Lee Harris and
I'm a Freelance Web Designer

WordPress: Restrict direct access to files – Prevent hotlinking

14.Jun.2022 | ,

A useful bit of code to prevent files from being accessed (or hotlinked) in WordPress.

Prevent files from being directly accessed unless the user is logged in by pasting the following code into your .htaccess file.  This is useful if you have a secure area on your website and you want to prevent secure files being shared via direct link.

You can specify file types by separating with a pipe symbol. Edit as required.

Paste the following code after “# END WordPress”.

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_COOKIE} !.*wordpress_logged_in.*$ [NC]
    RewriteCond %{REQUEST_URI} ^(.*?/?)wp-content/uploads/.*\.(?:pdf|txt|rtf|xlsx?|docx?|mp3|mp4|mov)$ [NC]
    RewriteRule . http://%{HTTP_HOST}%1/wp-login.php?redirect_to=%{REQUEST_URI} [L,QSA]


  • html5
  • css3
  • sass
  • php
  • WordPress
  • WooCommerce