What is Hotlinking and How to Prevent it in WordPress

What is Hotlinking and How to Prevent it in WordPress

Are you currently seeing an increase in bandwidth usage on your web hosting report, without any substantial increment in your website visitors? If yes, you may be a victim of hotlinking, and you need to quickly prevent it.

This guide explains what hotlinking is, and how you can prevent it on your website.


What is Hotlinking?

Hotlinking occurs when a website owner displays your image resources without hosting the image locally on their server. This is regardless of whether they give you credit for the image or not.

They do this by embedding your image URL in their website content. And whenever a visitor loads their page, your website resources are used to display the image.

Hotlinking images can cause strain on your server resources, especially if the hotlinker’s website receives much traffic. This can be harmful to your website’s performance and can be costly for you.

Hotlinking can be a copyright violation if you are the copyright owner of the image that is being hot-linked, and the person hotlinking did not take permission from you before using it.

It can also be a copyright violation if you take the image from a stock photo site that gives only you the right to use it. In that case, whoever hotlinks your image is violating the copyright of the image.

If the person hotlinking your images targets only copyright-free images, then there may be no copyright infringement going on here.

Should I Disable Hotlinking?

Hotlinking is bad for your website, it may cost you money, and it affects your website performance.

With the increased load resulting from external web pages, your site may become less responsive to legitimate users of your site.

This can result in a high bounce rate, making you lose customers and revenue.

Further, it makes sense to discourage this practice. It is bad enough that a person is using your image without your permission. But worse of all, they are using your web resources too.

You can decide to disable hotlinks to prevent further abuse of your resources. Keep in mind though that your images may not appear in places where you want them to like Google image search and Pinterest. To solve this, however, the methods to disable hotlinking generally have the option to exclude some sites.

How Do I Prevent WordPress Hotlinking?

In this section, we discuss the various ways you can prevent hotlinking in WordPress websites. Let’s jump in.

1. Use a WordPress Plugin to Prevent Hotlinking

You can block hotlinking on your WordPress website with WordPress plugins. And one plugin that is effective for this is the All In One WP Security And Firewall plugin.

This is a WordPress security plugin that in addition to securing your website against brute-force attacks, also gives you the option to enable hotlink protection.

It is one of our recommended plugins for WordPress security, and if you are concerned about your website security (which you should be), you can check out our complete guide to WordPress security.

To use this plugin to secure your WordPress sites against hotlinking, you first need to install and activate it. To do this, navigate to Plugins >> Add New from your WordPress admin dashboard.

Add new plugin

Next, type “All In One WP Security and Firewall” into the search bar, and locate the plugin from the list of options that appear in the results.

Install all in one WP security plugin

Click the Install Now and Activate buttons consecutively to activate the plugin on your Website. Once activated, locate WP Security on your website dashboard, then select Firewall.

All in One WP Secutiry Firewall Settings

In the firewall page, click on the Prevent Hotlinks tab and tick the “Check this if you want to prevent hotlinking to images on your site” option.

Select the Prevent Hotlinking option

Once you enable this option on your website, other website owners won’t be able to directly link to your images. The plugin prevents this by writing rules to your .htaccess files. We will explain more about these rules in another method.

If your WordPress hosting provider utilizes cPanel, you can take advantage of the Hotlink Protection feature.

To enable this feature, log in to cPanel and scroll down to the “Security” section. Once there, click on the Hotlink Protection option.

Hotlink Protection in cPanel

In the next page, click the Enable button to enable hotlink protection for your website.

Enable Hotlink Protection

To configure the hotlinking option, hit the back button. You will notice other options when you scroll down the page. The “URLs to allow access” option defines all the URLs that can directly link to your images. You can edit the list by adding more URLs or deleting the existing ones.

The “Block direct access for the following extensions” option allows you to define the list of file types you deny hotlink access to. You can edit the extensions by adding or removing them.

Also, you can check the “Allow direct requests” checkbox if you want to allow access to an image when the URL is pasted into the nav bar. You should check this box if your users view the files via Apple’s Quicktime.

If you want the hotlinked images to display another image instead of what is hot-linked, do the following. Use the “Redirect the request to the following URL” option, where you can paste a warning image URL.

Configure Hotlink Protection option

Once done, hit the Submit button.

3. Disable Right-Click For Images on Your Website

Another precaution you can take to prevent hotlinking on your website is to prevent visitors from using the right-click function of their mouse. Since they need to call this function before they can copy your image URL, disabling it is an easy way to prevent hotlinking.

You can do this with the “Disable Right Click Images” plugin.

Disable Right click to Prevent Hotlinking

This plugin disables the right-click property on every image on your website. Therefore visitors can’t download or copy links to your images.

To use this plugin, simply install and activate it. For more details, please see our guide on disabling right-clicking in WordPress.

4. Use a CDN that Offers Hotlink Protection

Most content delivery networks, such as Amazon S3 and Cloudflare offer hotlinking protection. Using this feature protects your website against intruders while allowing search engine crawlers access to your content. This way, you don’t need to worry about blocking out essential bots and crawlers that help in ranking your website.

We recommend that you refer to your CDN provider documentation to learn how to enable hotlink protection by using the included features.

Our guide on the best free CDNs for WordPress will help you decide on which provider to use if you’re on a budget.

5. Rename Your Image Files to Prevent Hotlinking

Since the images are hot-linked by using the direct link, you can rename the file to make it invalid on the hotlink website.

This is a temporary solution, and you should take further precautions to prevent future occurrences. It is mostly useful if you suddenly discover a spike in traffic to an image on your website.

WordPress does not offer a way to change your image file name after uploading them to the WordPress media library. To do this, you can download and install a free plugin – “Phoenix Media Rename”.

Prevent Hotlinking with Phoenix Media Rename plugin

This is an easy-to-use tool that lets you update your image files after uploading them to the WordPress media library. This plugin also updates the URL of the image in any posts the image is used in.

First, install and activate the plugin. Next, go to Media >> Library and switch to the list view.

WP Media Library

Now place your mouse over the image you want to rename and click Edit.

Edit Image File Name

In the edit page, scroll to locate “Filename” and change this as needed. When done, click Update.

Rename Image Filename to Prevent Hotlinking

Will Preventing Hotlinking Affect WordPress SEO?

Images are important to search result metadata. That’s because your website images appearing in search results can considerably improve your website SEO.

Therefore, you should take care not to deny search engine crawlers access to your image while preventing hotlinking. This way, you won’t hurt your image SEO.

Conclusion – Prevent Hotlinking

Hotlinking is bad for your website and your pocket. It can lead to slower loading times, and higher hosting costs.

In this guide, we have explained how you can prevent hotlinking on your WordPress site. Using any of the methods discussed, you can stop hotlinkers, and keep your website performance up to par.

As a reminder, take care to exclude crawlers and sites you want to be able to access your images when you disable hotlinking.

For further WordPress tips, check out our WordPress College.

 This post was written by Mesheal Fegor

Mesheal Fegor is a Web/WordPress Developer and technical writer. His WordPress help articles have been featured on Kinsta and other sites. Mesheal holds a master's degree in computer science. His writing focuses on technical WordPress issues, ranging from core WordPress problems, to issues with WooCommerce, and more.

Last edited by: FixRunner Team