EDIT: This will prevent all non-authenticated users from getting to your services. If you need users in your domain who aren’t authenticated to access the services, let me know and I’ll update accordingly.

Are you using authentication in your ASP.NET application?

<system.web>
  ...
  <authentication mode="Forms">
    <forms protection="All" defaultUrl="login.aspx" ... />
  </authentication>
  ...
</system.web>

If so, your .svc files will be inaccessible until your users authenticate. If a non-authenticated user tries to access a .svc file, they will be redirected to your login page.

EDIT(2):
Since you need non-authenticated access to the services within your site, one thing you can consider is having a cookie that’s sent to the user’s machine upon the first visit to the site. The cookie could use a create date and some secret key to create a hash, and you can validate the hash on the server for each request. Requests from other sites wouldn’t pass the cookie and your service would manually check to see if that cookie is there or not — if it’s not there, then the request is denied.

If your WCF services has ASP.NET compatibility enabled (true) and AspNetCompatibilityRequirementsMode set to Allowed or Required, you should have access to HttpContext and cookies. Here‘s more information about ASP.NET compatibility mode.

This may not be the most appropriate solution as I don’t know your scenario and requirements. But hopefully this helps.