Restrict page access to specific referrer URLs

Referrer URL is the address of the webpage that sends users to your website. For example, you find our PDA Gold on the WordPress plugin repository. On this page, you click on “Check out our Gold version now” and are redirected to our Features page. This link, https://wordpress.org/plugins/prevent-direct-access/, is called a referrer link.

Generally, you need to know referrer links to analyze your website traffic: How do potential customers find you? There are also cases where you want to restrict or allow users to access your private pages from specific referrer links. That is when our Protect WordPress Pages & Posts (PPP) plugin comes in handy.

Referrer Links

After activating PPP Gold successfully, go to a page or post you want to protect and click “Configure protection”.

Switch to “Referrer Links” after protecting the post and you will see 3 options:

(1) Disable referrer links

By default, this feature is disabled. Only certain user roles set under “Access Permission” can access your protected content.

(2) Allow all referrer links

When this option is selected, users have to access your page through a web page’s content (that’s linked to yours).

Users won’t be able to access your private page directly unless they have the right user permission. In other words, if they copy and paste your page’s link directly into the browser’s address bar, they won’t be able to see the content.

(3) Allow specific referrer links

Specify the referrer links from which you want to give access to your private content. Similar to the second option, there are only 2 ways users can access your content:

  • Click on the page URL from the specified referrer links
  • Have the right user permission set under the Access Permission tab

* will match any sequence of characters (including the empty sequence). If you enter something like https://preventdirectaccess.com/* to referrer whitelist, you accept all referrer links under this domain.

Please use the page’s original URL (not our private access link) when embedding it on your referrer content.

Referrer-Policy

When you block or grant someone access by referrer links, you might come across the Referrer-Policy term. Its value tells browsers which referrer information is included with the page request.

This referrerpolicy="no-referrer-when-downgrade" value is set by default. In other words, referrer links won’t be sent with the requests from HTTPS to HTTP due to the protocol security. If you allow users to access your private content from https://preventdirectaccess.com/*, for example, the content’s link must be hosted on an HTTPS website too.

Limitation: Our feature won’t work properly if you use referrerpolicy="origin"

Target = “_blank” and rel=”noreferrer noopener”

From the WordPress version 4.7.4, when users set target=”_blank” to a hyperlink, rel=”noreferrer noopener” will be added automatically into the link too. This is part of a security issue fix of TinyMCE on 23rd Nov 2016.

This default WordPress feature will also prevent you from whistling or blocking users via referrer links as well.

Lasted updated on October 3, 2019