Security and WordPress
Q:
We have seen that numerous sites are hotlinking our images without permission, and it’s affecting our server resources. Is there a method we can implement to block or prevent this unauthorized use of our resources?
Issue
The client needs to find a solution to stop the problem of other websites hotlinking their images, which is depleting their server resources and bandwidth.
How to prevent hotlinking on a website?
Hotlinking, also known as image theft, bandwidth theft, inline linking, or file leeching, can occur when other websites link directly to the images on your website from their articles without your permission. These other websites take advantage of your server resources causing your own site’s performance to decrease.
On the surface, what’s the harm, right? “While hotlinking is great for the one sharing the URL, it can cause troubles for the owner of the content” explains Namecheap support.
“Even though hotlinking images or content isn’t illegal, it’s an unethical and unprofessional practice” offers Mailchimp. “If you’re operating a family-friendly website or trying to maintain your image as a reputable business, you don’t want bad actors using your assets in a negative way.”
You can use several techniques to prevent hotlinking from happening on your website:
1. Update .htaccess File
If your server supports .htaccess files (servers like Apache), you can add a few lines of code to block hotlinking. Open up the .htaccess file in the root directory, then insert this code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L]
Remember you will need to replace ‘yourdomain.com’ with your actual domain name. This code will block all websites except yours from using images hosted on your server.
2. Using Plugins
You can also prevent hotlinking by using plugins if you use a Content Management System like WordPress. Plugins such as All In One WP Security & Firewall and Hotlink Protection Plugin can help.
3. Use a CDN
Another effective way of preventing hotlinking on your website is by using CDNs like Amazon S3 or Cloudflare which provides built-in hotlink protection.
4. Using Site-wide Password Protection
You could also stop hotlinking by setting your site to ‘password protected’; however, this could affect user experience, and is typically only useful if your site contains sensitive or premium content.
Remember, blocking hotlinking will result in the image not being displayed on the site that was linking to it. It is advisable to communicate with the sites linking to your content prior to taking action so as not to build hostility or negatively affect those websites’s user experiences.
Additional reading
- Hubspot does a great introduction to Hotlinking, with a lot of great info about this and the impact it can have on your business.
- Discover other methods for preventing hotlinking on the WP Rocket blog, in an article by Alexandra Gavril.
- Learn about how hotlinking affects your website on Kinsta, in an article by Brian Li.
- Excellent resource on Hotlinking from the engineers at Namecheap Support. Check it out here.
