Blog, WordPress

WordPress: How to Block http referer with htaccess

Apache Web Server used by most web-hosting providers give users option to deny access from visitors based on the website address that they came from. This was done via a command to block http referer with htaccess. Of course there must be strong reason as to why a visit should be blocked.

This function requires activation of 'mod_rewrite' on the server, and hence probably is a good idea to ask the technical support of your web-hosting provider. If it's not activated yet then ask technical support to enable it for you.

The first step that needs to be done to determine whether there's a need to block certain referer is by viewing CPU usage and other resources metrics in cPanel. Note the hour of a spike or a sudden increase in CPU usage and other server resources, which can sometimes make the website down and can not be accessed for a while. Jot down the time.

The second step is to download "Raw Access" data in group menu "Metric" in cPanel. Click "Raw Access" icon to download and save the file, and double-click the downloaded file to open zip, then open the file with a text reader to find the time when the spike occurred. Usually there will be logs of a specific address in large number of consecutive rows. Make a note of the web address.

How to Block Http Referer with .htaccess for a number of referrers is by entering the following command into the .htaccess file in your WordPress installation directory:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?blogabcd.co.id.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} seolagumu\.blogabcd\.com [NC,OR]
RewriteCond %{HTTP_REFERER} skyabcdcity\.com [NC]
RewriteRule .* - [F]


The first line after RewriteEngine On is to block referer that came from domain blogabcd.co.id and from all of its sub-domain. The second line is to block referer from a sub-domain, and the third line is to block referer from a certain domain.

At the end of the first line, and every single line before the last line, it must be ended with [NC,OR], while the last line should only be [NC]. Every additional line to block a referer, except the last line, must be ended with [NC,OR]. Failure to write it down correctly will make the website can not be accessed. If it happens then immediately do corrective action.

If to block only one referer, then use the following comman:
RewriteEngine on
RewriteCond %{HTTP_REFERER} domain\.com [NC]
RewriteRule .* - [F]


The blocked referrer will show '403 Forbidden' message, and there will also visible in "Raw Access" file the 403 number, replacing 200, on log of blocked website referer. If the log shows 500, then you may add a line ErrorDocument 403 "Forbidden" into your htaccess.

, seorang pejalan musiman dan penyuka sejarah. Penduduk Jakarta yang sedang tinggal di Cikarang Utara. Diperbarui: January 23, 2017.

Leave comments

Type it first, then click "Login ..." or "Posting".

« Newer©2021 FollowOlder »

Treat me for a cup of coffee, or just pray for those who make your life better.