How to Prevent Hotlinking on Your WordPress Website

Last Updated on March 9, 2023 by 4 Comments

How to Prevent Hotlinking on Your WordPress Website
Blog / WordPress / How to Prevent Hotlinking on Your WordPress Website

As a website administrator, you have to be vigilant in protecting your website and data from potential security threats. In addition to assessing your site security from all angles, such as identifying and addressing vulnerabilities and potential exploits, you’re also responsible for guarding the bandwidth you pay for. One way to protect against bandwidth theft through hotlinking is by utilizing a reliable security plugin. Hotlinking is a method internet users employ to piggyback off your bandwidth. This could cost you money if you don’t prevent it.

In this article, we’ll go over what hotlinking is, why it’s a problem for your WordPress website, how to tell if someone is hotlinking from your site, and how to prevent it from happening in the future.

Let’s jump right into it.

What is Hotlinking?

Essentially, hotlinking is the theft of your bandwidth and specific assets from your website. It involves an internet user–whether that’s another web designer or a blogger posting on another site–taking the source code from a piece of your media and linking directly to it from the site they’re working on. The content they link to could be a photo, graphic, video, or other piece of visual media hosted in your site’s space.

Rather than using their own bandwidth to host the media, they link to yours so it will display on their site or post. They don’t bother to upload the image to their own hosted space. Oftentimes, people who hotlink also aren’t using the media with your permission or the necessary licenses to do so. When this happens, you can bet they’re also skipping the all-important step of attributing the content to its original owner or creator.

As though stealing your site bandwidth wasn’t bad enough, hotlinking often amounts to copyright infringement. A user might be lifting your intellectual property (IP) without asking, or using a stock photo they didn’t purchase a license for. Although they may not be aware of the gravity of the situation, hotlinking can actually land the offender in hot water with both you and any other owner of the media they’re using.

Why Hotlinking is Bad for Your Website

Hotlinking is bad for your website because the offending user is using bandwidth resources you’re paying for. In extreme situations, that’s like a neighbor filling their swimming pool with water from your hose: they get the water, and you’re stuck with the bill.

Not only does hotlinking equate to the theft of your resources; it could also mean theft of your IP. It’s bad enough to have someone lift your bandwidth, but stealing resources you worked to create for your audience takes it to another level. Your best bet is to learn how to identify whether your images or videos are being hotlinked, then implement measures to keep it from happening again.

How to Tell if Someone is Hotlinking Your Images

When someone hotlinks your images, they use your image URL to link back to your site. This method pulls your image (or other media) onto their site and displays it. Right-clicking on someone’s site to inspect the image’s source code will tell you right away if they’re hotlinking.

Sometimes, when someone is hotlinking your images, you might experience a dip in your website’s performance. You may also learn that you’ve exceeded your allotted amount of bandwidth, and your web host is going to charge you more for the amount you’re using. If this is the case, you’ll need to investigate further to find out whether someone else is pulling from your space.

How to Find Hotlinks Via Google Images

There’s a simple method you can use to check for hotlinked images via Google Images. You’ll need to open a new browser tab and navigate to Google Images, then enter the following command line in the search bar. (Be sure to replace “websiteurl.com” with the correct URL.)

inurl:websiteurl.com -site:websiteurl.com

In this case, we checked out the Elegant Themes website, so the command looked like this:

inurl:elegantthemes.com -site:elegantthemes.com

Your search results may yield images that are currently being hotlinked from your website. However, don’t assume that just because your images show up, they’re being hotlinked. Sometimes, they are not. It’s important to keep that in mind before you begin. For example, our search results yielded a number of sites that feature Elegant Themes images, but upon further inspection of the source code, we found that many were not hotlinked.

When we entered the command into Google Images, here are the results we got. For privacy purposes, I covered the URLs because in this case, I didn’t run across hotlinked images.

This search allows you to see both branded images and the sites they appear on. Proceed with caution, though: sometimes, the search results might include your images, but the images may not be hotlinked at all. To investigate further, you can right-click on each image and inspect its source code. This will tell you whether the image is being hotlinked from your site.

Luckily, there are some solid ways to prevent hotlinking to media on your WordPress, so let’s look at those next.

How to Prevent Hotlinking on Your WordPress Website

Preventing internet users from hotlinking on your WordPress website is fairly straightforward. There are some basic ways you can do this yourself, as well as plugins that help make the job simple.

Change Your Image Filenames Or Move Your Images

One quick way to keep your images from displaying on someone’s website is to simply rename your files or move the images to a different folder. This will immediately break any links the offenders are using on their sites. Of course, it’s really a temporary fix. They can always come back and lift the new filenames from your site later.

Swap Out Your Images

While this method still uses your bandwidth, a great way to make an impression on hotlinkers is to swap out your images. In other words, upload a new image with the same filename that indicates, to the hotlinkers’ site visitors, that they’ve stolen your property. Doing this won’t ease your site storage woes, but it will get your point across.

A great example of this is when Matthew Inman, creator of The Oatmeal, called out The Huffington Post in 2015 for hotlinking comics from his website without permission. He swapped the stolen images out with an image of his site hosting bill, in addition to humorous drawings to troll the online publication.

Insert Code Into Your .htaccess File

You can insert code into your .htaccess file (accessed via your FTP client) that prevents other internet users from hotlinking your assets. Login to your FTP client of choice, such as FileZilla, then navigate to your public_html folder to locate .htaccess.

Before you begin, make sure to make a copy of your .htaccess file and save it locally in case you run into problems. (It’s also a good idea to make a backup of your site before you work in this file.) Once you’ve made your backups, open your .htaccess file to edit. Simply right-click the file and choose “View/Edit” from the drop-down menu, and it will open in your default text editor.

You’ll need to add the following lines of code to the file (remember to replace “siteURL.com” with your website’s URL):

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?siteURL.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|bmp|tif|tiff)$ - [F]

That’s it! Your hosted media should now be protected from hotlinking.

Prevent Hotlinking Via Your CDN

If you’re using a content delivery network (CDN) such as Cloudflare, Sucuri, or KeyCND, you likely have an option to block hotlinking from the CDN itself. For Cloudflare users, for example, the CDN has a feature called Scrape Shield that you can enable to protect your content from being hotlinked. It also protects email addresses and content from the server side.

Prevent Right-Clicking On Your WordPress Site

It’s possible to prevent users from right-clicking on your WordPress site to save your images, or to grab the image URL for hotlinking. You can install a plugin such as WP Content Copy Protection & No Right Click to get started.

The plugin has multiple content protection features beyond right-click prevention, including preventing users from highlighting and copying the text on your site. Other plugins that disable right-clicking on your WordPress site include Disable Right Click for WP and No Right Click Images Plugin.

In addition to installing a content protection plugin, it’s also a good idea to consider watermarking your images. You can read about our favorite watermark apps here.

Hotlinking Frequently Asked Questions

How do I know which hotlink protection method is right for me?

Your chosen method of hotlink protection really depends on your needs and your technical abilities. For example, if you don’t tend to work on your site’s code, adding a command to your .htaccess file might not be the best option for you (of course, you could ask your developer for help if you’re working with one). If you’re working with a limited budget, you won’t want to swap out your images to make a point on someone else’s site–instead, you’ll want to prevent that bandwidth from being used at all. Consider your individual needs, then select the solution that feels like a fit.

I’ve protected my website from hotlinking, but someone was able to steal my content before I disabled right-clicking. How do I get them to remove it?

You can issue a DMCA takedown notice to start the process of getting your IP removed from offending websites. Ensure you have a copyright notice on your website, and register it with the U.S. Copyright Office for extra protection. You can read about how to do that here.

I disabled right-clicking on my site, but someone still took screenshots and is using the screenshots anyway. What should I do?

You can issue a DMCA takedown notice for the copied content. In the future, consider watermarking your images so that even if someone takes a screenshot, that watermark will still show up. It will indicate to their site visitors that they’ve lifted content from somewhere else on the web.

Summary

Hotlinking can be an aggravating and costly issue when you run a WordPress website. Thankfully, it’s preventable so that you can protect your content and bandwidth, and go about your business. With the right combination of tools and protective measures, you can prevent a wide range of digital theft.

Do you use any form of hotlinking protection on your WordPress site? Tell us about it in the comments.

Article featured image by astel design / shutterstock.com

Divi Cyber-monday Sale

It's The Divi Cyber Monday Sale! Save Big For A Limited Time 👇

Save big on Divi and Divi products for a limited time.

Access The Sale
Divi Cyber-monday
Premade Layouts

Check Out These Related Posts

WordPress Security Guide for Busy Freelancers (2024)

WordPress Security Guide for Busy Freelancers (2024)

Posted on November 22, 2024 in WordPress

Though WordPress is built to be secure, it’s not entirely safe. It requires regular maintenance, and your responsibility increases even more when you manage your clients’ WordPress. This WordPress security guide lists effective set-it-and-forget-it ways for freelancers and agencies to...

View Full Post
Best WordPress Black Friday & Cyber Monday Deals! (2024)

Best WordPress Black Friday & Cyber Monday Deals! (2024)

Updated on November 26, 2024 in WordPress

Black Friday is the ultimate shopping holiday, and this year, we’re spotlighting some of the top deals outside the Divi ecosystem. These exclusive offers on industry-leading tools and services are designed to help creators, marketers, and entrepreneurs like you elevate your projects without...

View Full Post

4 Comments

  1. Hi, I have used the hotlink prevention method before, I think using my CPanel.

    However, when I did this, the featured images when shared on social media sites, e.g. FB, LinkedIn, etc, don’t show up, so that created a problem. So in the end I deactivated this method in order to get my images to appear on social media posts for better promotion.

    Also, when I used the hotlink prevention, I also lost a lot of backlinks.

    Is there a way to prevent hotlinking without having these 2 problems?

  2. Excellent compilation to avoid hotlinking, don’t forget also that through the popular hosting managers like cPanel or Plesk there is also an option to avoid it, maybe for a medium-low knowledge user it will be easier.

  3. Haley, thanks for this post, I actually checked my site and, although I can’t find any hot-links that are obvious, I did find a website that came up with the link you provided, and when I checked the code on that site, there are 32 mentions to my website URL but I am not sure what is it doing or what is it linking to.

    I added the code to my .htaccess file but I’d love to know what’s really going on behind that website. I don’t know if it’s alright to post the result I get here, so first I want to check with you, as I am sure I am not the only one out there with this issue, but many of people don’t really know how to check the code behind a site.

    Any help you could give me to understand what’s going on would be greatly appreciated.

  4. Thanks!! A timely post! Watching some random traffic and sure enough, a couple of images were being pirated away!

Leave A Reply

Comments are reviewed and must adhere to our comments policy.

👋 It's The Divi
Cyber Monday Sale!
Get The Deal
Before It's Gone!
Get Started With Divi