Lately I was dealing with a plugin that I’ve been using for a long time to prevent hotlink images for my sites. Suddenly, it just stopped working. If you have never heard about hotlink, basically it is when someone uses and load some of your resources (i.e: display your images) from your own server, usually without your permission. Or like Wikipedia says “is the use of a linked object, often an image, on one site by a web page belonging to a second site”.
This plugin is ByREV WP-PICShield and it’s great, well done and robust, but unfortunately its author has not updated it for 2 years now and I guess there is no intention to do so. Even the wordpress.org official plugin url is not working anymore.
You can still grab it from github though.
In fact, I found the solution for my problem in one of the commits there.
Actually, this was the error I was getting exactly:
PHP Warning: mysql_real_escape_string(): Access denied for user ‘mysite’@’localhost’ (using password: NO) in /home/mysite/public_html/byrev-wp-image2url.php on line 43
Clearly, there was a mysql function that was not working anymore. That results in one of the functions used to get the attachement url returning a “null” value. All my images (attachment) pages coming from the googlebot were not finding a place to go, therefore since I have a 404 to 301 plugin setting in my site to make all 404 goes to the homepage of the site, all those visitors where being redirected to my homepage. Without this redirect you might be getting a mysite.com/image-not-found page error or similar.
Since mysql_real_escape_string() extension was deprecated in PHP 5.5.0, there is a small change you have to do in your /home/mysite/public_html/byrev-wp-image2url.php to make the plugin work again, if you are facing the same issue.
- Go to line 43
- You’ll see that it will look like this:
12$imageURL = htmlspecialchars($_GET['src']);$imageURL = mysql_real_escape_string($imageURL);
- And you have to make it look like this:
12$imageURL = htmlspecialchars($_GET['src']);$imageURL = esc_sql($imageURL);
So, the only thing we are doing is replacing the mysql_real_escape_string function for the for the esc_sql function.
There is one more thing you will need to do. Replace that same line in the file placed at wp-content/plugins/byrev-wp-picshield-hotlink-defence/raw-code/byrev-wp-image2url.php, since this is the core file which is copied to your document root after you change the plugin settings. In other words, this is the “template” file used to create the “real” byrev-wp-image2url.php file in your public_html folder (or whatever your document root is), which is the file wordpress in fact will use to make hotlink works. If you don’t do this final step, whenever you change something in the plugin settings page, the raw file will be copied and will overwrite our main file without this change.
Well, that’s it. It should be working now. There is no need to change any settings in your .htaccess file.
Hope it helps to save some of your most valuable asset in this world: your time. If it did, leave me a comment! 🙂