Protect Wordpress external links
Posted by Warith Al Maawali on Jun 3, 2013 in Blog, Source-Codes | 14 comments

As you notice all external links on my Blog are in order to protect the content from being copied. I tried to find a plug-in that does that but I couldn’t so I modified one that encodes external URLS to so instead of encoding the I will show you how to encrypt it with your own defined key. I will show you how I did it through simple steps if you wish having external links encrypted on your WordPress blog.
“Please note that the coder has merged my code with his from version 4.2.0 and above so if you are using version 4.2.0 and above you do not need my code.“
Instructions:
- You will need php mcrypt_decrypt installed on your server
- For CentOS just type
yum install php-mcrypt
- For ubuntu just type
sudo apt-get install php5-mcrypt
- Install WP No External Links plugin I am currently using version 4.0.2.
- Activate the plugin.
- Go to setting then wp-noexternallinks select the check box of Use base64 encoding…etc.
- Now go to plugin editor.
- Versions below 4.0 Select WP No External Links then select wp-noexternallinks-parser.php
- Versions above 4.0 Select WP No External Links then select public then public.php
Search for:
$url=base64_encode($url);
Replace it with:
$salt ='PSOtJIaJCSRthDJ3ZkcNZVubMYZOZZrn'; // <--- This is your secret key it can be anything you like remember only keys of sizes 16, 24 or 32 supported in mcrypt_encrypt. $url=trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $url, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));
Then Search for:
$url=base64_decode($url);
Replace it with:
$salt ='PSOtJIaJCSRthDJ3ZkcNZVubMYZOZZrn'; <--- We use the same key to decrypt $url=trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $salt, base64_decode($url), MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));
The reason for using known $salt key is if your content gets copied you can always change the key on both locations and all of the previous links will be invalid to the person who copied your article.
Troubleshoot:
I faced some difficulties with some of the social share links such as (Linkedin , pinterest , mailto , skype and local links starting with #). Though the author of the plug-in did exclude those strings but it did not work as expected so I had to tweak the code as the following:
Search for:
$this->debug_info('Not in exclusion list, masking...');
Add just before it:
if (false !== strpos($matches[2] . '//' . $matches[3],'javascript') or false !== strpos($matches[2] . '//' . $matches[3],'mailto') or false !== strpos($matches[2] . '//' . $matches[3],'twitt') or false !== strpos($matches[2] . '//' . $matches[3],'skype') or false !== strpos($matches[2] . '//' . $matches[3],'#')) { return $matches[0]; }
If you get your page and comments section messed up you will need to replace:
$pattern = '/<a (.*?)href=["\'](.*?)\/\/(.*?)["\'](.*?)>(.*?)<\/a>/si';
with:
$pattern = '/<a (.*?)href=["\'](.*?)\/\/(.*?)["\'](.*?)>(.*?)<\/a>/i';
If all links are labled as _blank you have to add:
$url=$matches[2].'//' .$matches[3];
After:
$ifnofollow=' rel="nofollow"';
Then replace:
return '<span class="waslinkname">'.$matches[4].'</span>'; if($this->options['link2text']) return '<span class="waslinkname">'.$matches[4].'</span> ^(<span class="waslinkurl">'.$url.')</span>'; $link='<a'.$ifblank.$ifnofollow.' href="'.$url.'" '.$matches[1].$matches[3].'>'.$matches[4].'</a>';
with:
return '<span class="waslinkname">'.$matches[5].'</span>'; if($this->options['link2text']) return '<span class="waslinkname">'.$matches[5].'</span> ^(<span class="waslinkurl">'.$url.')</span>'; $link='<a'.$ifblank.$ifnofollow.' href="'.$url.'" '.$matches[1].$matches[4].'>'.$matches[5].'</a>';
Output examples:
Normal URL to Husmail
https://www.hushmail.com
With WP No External Links plugin (base64)
http://www.digi77.com/goto/aHR0cHM6Ly93d3cuaHVzaG1haWwuY29t
With WP No External Links plugin + Encryption
http://www.digi77.com/goto/HkiabvdkLqUt0uihqCaFE0tXqo1T4CccxSSjvehwcu0=



Latest posts by Warith Al Maawali (see all)
- Apple iOS Mail Client leaking highly sensitive information - December 27, 2019
- Validating VPN nodes - November 3, 2019
- Migrating from php 5.6 to 7.3 - November 1, 2019
- Linux Kodachi 8.27 The Secure OS - October 20, 2013
- Migrating from Vbulletin to Burning board - March 27, 2016
Please note that the coder has merged my code with his from version 4.2.0 and above so if you are using version 4.2.0 and above you do not need my code.
Omg, this worked for my blog. I have a question though, does this affect SEO?
Hi Ado,
I don’t think so but u should consult SEO expert.
Dear Jehy,
First of all thank you for putting the effort on delivering such a nice WordPress Plugin. I tried to use the parser but I got an error when trying to override the encoding function. So I decided to modify the original script again and it worked smoothly as you can see on my blog now. If you have got the time you can take my changes on your latest version here and show us how to override it on the custom-parser.php file.
Hello!
Please, update to version 3.5.8 and try it like this:
http://jehy.ru/articles/2014/12/09/encrypting-links-for-wp-noexternallinks/
Dear Jehy,
Thank you, when I updated without changing anything I had all my page messed up starting from the comments section and below the solution was as the following:
Replace:
with:
I also tried deploying the custom-script.php but it returned a blank page due to errors so I had to stick to the old method.
I have updated the script above to match your latest updates.
Hello! I am the plugin developer. I liked you code so I made plugin parser class overloadable in version 3.5.1. You can define your own parser and redirect functions and they will stay with you even after plugin update!
like even though the link is encrypted in sorce the people can just click this link h
and the real source link i wish to hide that link entirely
Dear AJ,
If you plan to hide the links even after they are clicked then this plugin has to be modified to have that feature. All you need is server side scripting like PHP file to process the encrypted link and display it on HTML frame. Unfortunately the current modification does not include that you will have to tweak it by your own.
It is exactly what I wanted
I want to embed outbound link count 10 seconds and advertising you help me?
Hello Richard,
I am glad it was useful for you I did not clearly understand your need please elaborate and I will try to help.
hey i have a video site with a lot of video embeds can i use this plugin to encrypt the video link so they dont get stolen ?
thanks for your time
Yes as long you are using WordPress you can always encrypt your links…
Check out this post and see how links are protected..
wait i dont think you understand what i am trying to achieve basically i dont want the link to be visible at all in source for example
http://www.youtube.com/v/sNM50vxl1Ec should be hidden and encrypted that people cant get this link when they open the encrypted link
is this possible i tried all you have metioned above and see no change