The first thing you need to do is disable direct access to the directories the files are stored in by uploading blank index.html files to wp-content/uploads/ and all of its subdirectories. That way no one can go browsing around your upload directories finding that media manually.
In order to keep search engines from crawling your protected pages and users viewing it for free in searches, you may also want to add noindex meta tags to the section of your protected pages:
<meta name="robots" content="noindex">
Or you can disallow the protected pages manually, or the protected directory as a whole by adding them to your robots.txt file.
To prevent hotlinking of images and other media, you’re going to need to upload the premium media to a specific directory, then simply add the following ReWrite rule to your .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?domain/wp-content/uploads/premium/.*$ [NC]
RewriteRule \.(gif|jpe?g|png)$ - [F]
Add as many file extensions as you’d like on the last line, separated by pipes. Obviously, you also want to replace your_domain.com in the code above.
If you’d like those who hotlink to see a “no hotlinking”, use the following code in your .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.com/wp-content/uploads/premium/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.domain.com/no-hot-linking.jpg [R,L]
You can also change the final line of the above code to a specific URL you’d like to re-direct visitors to, like your homepage or a landing page asking users to become a premium member to view the content.