Wordpress hotlink protection not working with domain alias

[levilsdarum]

TITLE:

Wordpress hotlink protection not working with domain alias​

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:

CentOS Linux 7.6.1810 / Plesk Onyx v17.8.11 / Wordpress 5.2.3​

PROBLEM DESCRIPTION:

When enabling the hotlink protection, using the WordPress Toolkit, images can't be loaded through aliased domains, only the subscription is allowed to view the images.​

STEPS TO REPRODUCE:

Create subscription/domain a.com, install WordPress, upload an image (in a page, for example). In the media gallery on a.com/wp-admin, the image will be visible.

Then create a domain-alias, for example b.com. Go to b.com/wp-admin, go to the media gallery, same image(s) will be visible.

Now, use the WordPress Toolkit to enable hotlink protection on the installed WordPress on a.com.​

ACTUAL RESULT:

When opening the media gallery a.com/wp-admin, the images are still there.

When opening the media gallery on b.com/wp-admin (the same site, just an alias), all images will be replaces by an images showing 'This image was hotlinked'.

EXPECTED RESULT:

When hotlink protection is enabled, is should be possible to view images on the subscription / main domain, as well as on it's configured domain-aliases.​

ANY ADDITIONAL INFORMATION:

​

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:

Confirm bug​

 

[IgorG]

Thank you for the report!
Here is developer's reply:

I created the bug: EXTWPTOOLK-3533.
At the moment hotlink protection allows access only through main domain name, and disallow any aliases.