WordPress plugin to avoid Hotlinking of images and videos hosted on Amazon S3
Amazon S3 is one of the most trusted and efficient clouding platform. Many people uses it to store their valuable content like video tutorials, pictures etc. Webmasters who are providing some exclusive contents to their members always worry about the unauthorized access of their files. Which means other people who are not member of owner’s site can actually access Amazon S3 content. This is called Hotlinking. As on Amazon S3, you will be charged when people will access your content i.e. the content will be downloaded. As others are hotlinking to your Amazon S3 content which means they are downloading it in some manner and your Amazon S3 account is charged for that. To restrict access of your S3 content, you can use ACL options thru which you can restrict access for files to everyone. That means your site’s members also can’t view or access your files. That’s why you need to use something which can actually stop access for files to unauthorized people and only play videos or open images for authorized people.
Amazon S3 is having an option called “Get pre-signed URLs”. By getting this kind of URL, one can access content of your S3 account for certain period. Yes, this kind of URLs has an expiry period after which the URL will not work. This is a temporary solution because after certain period, again your will have to generate this kind of URL from S3Fox organizer and will have to update the link on your site which is a manual process. Here is the screenshot of “Get pre-signed URLs” option on S3Fox.
To get more from this option, many web developers has written script which create such URLs on hourly or daily or half hourly basis and update the link on your site automatically. Even you can set the time interval between generation of new pre-signed URLs. Now this auto-generated and linked URLs will definitely stop hotlinking. For example, you can set the time interval to 15 min. so that even anyone hotlinked your video and shared that on his own site as a download link, visitors of his/her site can’t access your videos as the link will not work.
Such script is used in S3flowshield WordPress plugin thru which you can stop access of S3 files to unauthorized users on web and that will definitely help you reducing Amazon S3 bills. To stop hotlinking of images stored on Amazon S3, here is a nice tip shared by Amit of Labnol.
S3flowshield in Action on WordPress Dashboard
Amazon S3 hotlinking prevention is one of the most important thing to do after uploading the files over there. If you are running membership sites like WordPress MU with membership options with BuddyPress community and planning to share some video tutorials then always think of preventing unauthorized and un-allowed access to files using these techniques.