Implementing Hotlink Protection for R2 Media Files on a WordPress Site

I have a website powered by WordPress.

The core WordPress files are hosted on a web hosting service. I use R2 as a media file storage with the help of the Media Cloud plugin Media Cloud for Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean Spaces and more – WordPress plugin |

I have set up Hotlink Protection on my hosting, but I can’t do the same with my R2 files. Here is an example of such a file:

I thought about linking a domain to the R2 bucket, but that would require changing the A record and disconnecting the domain from the hosting. This is not a suitable option. How can I prevent external websites from using files from my R2, while still being able to post them on my own site?

The domain isn’t meant for production, so I’d move off that regardless of hot link protection.

As far as hot link protection, there’s a few ways you could do it… for example, generate presigned URLs that expire shortly after they are given to users. Then your server controls who can view them and for how long.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.