This is a follow-up on this post:
forums.cpanel.net
The issue is that the hotlink protection in Toolkit doesn't work for me at all. I have been able to reproduce this issue on multiple servers. This particular example is for a CloudLinux 7.9.0 server running cPanel 100.0.4. The WordPress instance was installed via Toolkit and no changes have been made since it was installed.
When I toggle Enable hotlink protection I get confirmation that hotlink protection is enabled (see image toolkit-hotlink-settings.png). I think enabling the feature is supposed to add the same directives to the website's .htaccess file as cPanel's Hotlink Protection feature adds. If so, the file is not updated.
When I next check the Hotlink Protection page in cPanel is shows that hotlink protection is disabled (see cpanel-hotlink-settings.png).
If I enable hotlink protection in cPanel the .htaccess file is updated correctly:
And if I then disable hotlink protection in Toolkit nothing changes. The hotlink protection rules are still showing in the .htaccess file, and cPanel's Hotlink Protection page still shows that hotlink protection is enabled.
So, at no point does the hotlink protection option in Toolkit do anything, and it never syncs hotlink protection settings with cPanel's Hotlink Protection interface.
How does WordPress ToolKit keep track of debug settings?
I think I know the answer to this one but I just want to double-check... When you tweak debugging settings via WordPress ToolKit it writes rules to the wp-config.php file. But, if you then manually change (or delete) rules by editing wp-config.php directly ToolKit doesn't notice the settings...
The issue is that the hotlink protection in Toolkit doesn't work for me at all. I have been able to reproduce this issue on multiple servers. This particular example is for a CloudLinux 7.9.0 server running cPanel 100.0.4. The WordPress instance was installed via Toolkit and no changes have been made since it was installed.
When I toggle Enable hotlink protection I get confirmation that hotlink protection is enabled (see image toolkit-hotlink-settings.png). I think enabling the feature is supposed to add the same directives to the website's .htaccess file as cPanel's Hotlink Protection feature adds. If so, the file is not updated.
When I next check the Hotlink Protection page in cPanel is shows that hotlink protection is disabled (see cpanel-hotlink-settings.png).
If I enable hotlink protection in cPanel the .htaccess file is updated correctly:
Code:
# cat ~example/public_html/.htaccess
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.example.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]So, at no point does the hotlink protection option in Toolkit do anything, and it never syncs hotlink protection settings with cPanel's Hotlink Protection interface.
