cPanel has become a standard for turning standalone servers into automated hosting platforms. Tasks are replaced by web interfaces and API-based calls. cPanel is designed with multiple levels of administration and provide multiple levels provide security, ease of use, and flexibility for everyone from the server administrator to the email account user.

One of cPanel’s features is under the Security section, called Hotlink Protection. Hotlink Protection is a tool that can deny access to specific files to prevent “leeching”. However, when enabled, the fancy URLs known as permalinks get destroyed. The results could be 403 and 404 errors. The reason is simple and so is the solution.

The goal was to test Hotlink Protection. To do so, go to cPanel > Security > HotLink Protection. The interface is simple to use, after a quick glance, pressing the Enable button will activate Hotlink Protection.

After testing Hotlink Protection and then disabling it, I quickly learned that all pretty URLs were returning 404 errors. Subdomains were returning 403 errors. I thought maybe it was something that was included in the .htaccess, so started to eliminate a few lines at a time only to discover that nothing worked. The reason, the ReWriteEngine On was missing from each .htaccess file. It appeared that the Hotlink Protection feature removed RewriteEngine On. After replacing the RewriteEngine On in each .htaccess everything was back to normal.

A quick internet search reveals that this issue is widespread, the conclusions the same, and the fix.

Additional references
cPanel Hotlink Protection Breaks WP Permalinks
cPanel Hotlink Protection or my own code in .htaccess?