8 Easy Methods To Prevent Image Hotlinking In WordPress


At times, a problem is hard to detect until it has already caused damage. Image hotlinking is one such problem. It can seriously affect your website’s performance and also your bottom line, so it is worth preventing before it takes effect.

For those who wish to prevent image hotlinking in WordPress, the platform already offers a number of methods. You can use a plugin for the job or do it with the help of a Content Delivery Network (CDN). You can also do it manually without employing additional tools.

In this article, let’s discuss image hotlinking, its hazards, and how to know if your website is under such a trespass. We’ll then move on to the methods to prevent image hotlinking.

What is Image Hotlinking?

Image hotlinking is a very simple process. Someone searches the web for an image and uses the URL of an image they find to display it on their own website. The displayed image is still served from its original location. This is extremely handy for the hotlinker, but from your point of view it is theft, because they are using your website’s resources. It is like someone who is hungry and out of resources eating from a fellow diner’s plate.

Why You Should Disable Image Hotlinking In WordPress?

When other sites hotlink your images, they drain your server’s resources and might even cost you money (if you have to pay for bandwidth). If you are using managed WordPress hosting in particular, chances are high that you have limited bandwidth.

Even though the image is appearing on someone else’s site, your web server still needs to process that request and deliver the image to that site. If that site gets a lot of traffic, that’s going to be a lot of requests for your server to process, which might slow down your site.

Beyond that, many hosts charge based on the amount of bandwidth that you use, and hotlinked images use your bandwidth as well. Hence, you might end up paying more so that someone else can use your images!

Some sites don’t mind – for example, some webcomics actually encourage people to hotlink images.

But unless you get some benefit from letting people hotlink your images, you’ll probably want to disable hotlinking on your WordPress site.

How To Prevent Hotlinking

The following methods let you effectively prevent hotlinking.

1. Using KeyCDN

Most of the content we deliver globally comes from our websites, and we use a CDN to speed up the delivery of those assets. Certain CDN providers such as KeyCDN come with strong hotlink protection out of the box, with an enable/disable toggle. This method is suggested because of the finely tuned rules they apply for bots and other referrers that shouldn’t actually be blocked. An extra benefit of doing this on your CDN is that you don’t need to modify anything inside your WordPress installation.

When using KeyCDN, you just have to click Zone Referrers and add the rules. Still, the site parasites can access and index your images. KeyCDN also has a single-click option to allow empty referrers per zone.

This enables hotlink protection only for the assets on your CDN, not on your origin server. Therefore, if you are concerned about anyone hotlinking your images directly from your server, you can also enable hotlink protection on the origin server. To learn how, read the Apache and NGINX rules given in the sections below.

2. Using CloudFlare


If Cloudflare is the CDN you use, it comes with a built-in dashboard setting to disable hotlinking. They call it Hotlink Protection.

To enable hotlink protection, go to the Cloudflare dashboard and then to the ScrapeShield tab.

Now, move down to the Hotlink Protection settings and set it ON.

If you want to permit hotlinking for specific images, you can create a “hotlink_permit” folder and add the images that may be hotlinked. A typical use of this functionality is to allow people to hotlink your site’s logos or other marketing assets.

3. Using WordPress Plugins

A few WordPress plugins related to hotlinking are available. However, many of the single-use plugins are not very well maintained and carry below-average reviews, and using such plugins is not recommended. It is generally better to enable hotlink protection at the server or CDN level. If you still prefer a plugin, have a look at the All In One WP Security And Firewall plugin, which is an excellent choice for all-around security with its built-in ability to restrict hotlinking.

The All In One WP Security & Firewall plugin has more than 500,000 active users with impressive ratings. Download it from the WordPress repo or by searching under “Add New” plugins in the WordPress dashboard.



4. Using NGINX

Nginx, which is pronounced engine-ex, is a popular open-source web server. Since its initial success as a web server, it has also come to be used as a reverse proxy, HTTP cache, and load balancer.

High-profile businesses like Autodesk, Atlassian, Microsoft, IBM, Google, Adobe, LinkedIn, Cisco, Facebook, Twitter, Apple, Intel, etc. are only a few of those using Nginx. If you are using NGINX, just open the config file and add the following lines:

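location ~ \.(gif|png|jpeg|jpg|svg)$ {
    # Referers allowed to load images: missing or stripped headers, search engines, your own domain
    valid_referers none blocked ~\.google\. ~\.bing\. ~\.yahoo\. yourdomain.com *.yourdomain.com;

    # valid_referers sets $invalid_referer, so it has to appear before this test
    if ($invalid_referer) {
        return 403;
    }
}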
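How the valid_referers rule above decides each request, as an added example that is not from the original article: a Python approximation of NGINX's matching (server names with a URI prefix are not modelled). TIGHT_RULES and the sample Referer values are constructed for illustration; the run shows that the ~ patterns are matched against everything after the scheme, path included, so a host-anchored pattern is stricter.

```python
import re

# Rule list from the NGINX config on this page.
PAGE_RULES = ["none", "blocked", r"~\.google\.", r"~\.bing\.", r"~\.yahoo\.",
              "yourdomain.com", "*.yourdomain.com"]
# Assumed stricter variant: the search-engine regex is anchored to the host part.
TIGHT_RULES = ["none", "blocked", r"~^([^/]+\.)?(google|bing|yahoo)\.com(/|$)",
               "yourdomain.com", "*.yourdomain.com"]

# Constructed Referer values; None stands for a request with no Referer header.
SAMPLES = [
    None,
    "XXXXXXXX",                                    # rewritten by a proxy or firewall
    "https://yourdomain.com/post/",
    "https://cdn.yourdomain.com:8443/gallery",
    "https://www.google.com/search?q=cats",
    "https://other-site.example/gallery",
    "https://other-site.example/img.google.html",  # ".google." only in the path
]

def referer_is_valid(referer, rules):
    """Return True when the request would be served ($invalid_referer is empty)."""
    if referer is None:
        return "none" in rules                     # header missing
    scheme = re.match(r"https?://", referer, re.I)
    if not scheme:
        return "blocked" in rules                  # header present, scheme stripped
    rest = referer[scheme.end():]                  # text after the scheme
    host = rest.split("/", 1)[0].rsplit(":", 1)[0].lower()   # port is ignored
    for rule in rules:
        if rule in ("none", "blocked"):
            continue
        if rule.startswith("~"):                   # regex sees host AND path
            if re.search(rule[1:], rest, re.I):
                return True
        elif rule.startswith("*."):                # wildcard: subdomains only
            if host.endswith(rule[1:]):
                return True
        elif host == rule.lower():                 # exact server name
            return True
    return False

def audit(rules):
    """Map each sample Referer to the allow/deny decision under the given rules."""
    return {ref: referer_is_valid(ref, rules) for ref in SAMPLES}

if __name__ == "__main__":
    for ref, ok in audit(PAGE_RULES).items():
        print("serve" if ok else "403  ", ref, "| tight:", audit(TIGHT_RULES)[ref])
```
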

5. Using Apache

If you are using Apache to run your WordPress site, open the .htaccess file in your site’s root directory and add the following. If the file is missing, create a new one.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com([/:]|$) [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?google\.com([/:]|$) [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?bing\.com([/:]|$) [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yahoo\.com([/:]|$) [NC]
RewriteRule \.(jpg|jpeg|png|gif|svg)$ http://dropbox.com/hotlink-placeholder.jpg [NC,R,L]

The second line of the code permits blank referrers. It is recommended to keep this enabled, because some visitors’ firewalls or antivirus software strip the page referrer. If you block blank referrers, you could unwittingly withhold all of your images from these users.

The allowed referrer is defined in the third line. That will be your own website, which is permitted to link to the image directly. Replace the dummy domain name above with your site’s domain name. In the fourth, fifth, and sixth lines, search engines are added to the allowed list, because you wouldn’t want to block crawlers such as the Google or Bing bots. Blocking these bots could stop your images from being indexed and displayed in the Google and Bing image searches.

The seventh line defines the image that you want visitors to see instead of the hotlink-protected image. Although this isn’t necessary, it helps you give them a proper warning. If you want to allow multiple sites, you can do so by duplicating an allowed-referrer line and replacing the referrer.

6. Disabling Right Click Activity

7. Renaming the Files in WordPress

If you find several sources hotlinking a single image on your website, you can simply rename the file and leave the hotlinkers with nothing other than 404 errors. Though this method is a handy quick fix, it is cumbersome to use against large-scale hotlinking.

8. Using cPanel

If you have a hosting manager like cPanel or WHM with your domain, it comes with a single-click tool to enable hotlink protection. All you have to do is go through the cPanel or WHM documentation and learn the easy settings to enable hotlink protection.

Image hotlinking is a true pain for a number of websites, especially when the sites doing the hotlinking don’t include proper attribution. If such a thing happens to you, it will affect your site’s performance, and you’ll also miss out on potential visitors while others profit from your content. All the above tips will be helpful for successfully preventing image hotlinking on your website.

If you would like to share your concerns and observations, do so in the comment box below. Wish you a happy WordPressing! 🙂

Nabeel Aslam is a technical writer and content marketer for Flyingloop. He has written product marketing content and blogs for WordPress and other web-related services since he joined the team in 2018.
