Hotlinking: Key Reasons to Avoid and Methods to Protect Your Site
Hotlinking is the act of using another site’s bandwidth by displaying their website asset – like an image, video, or audio file – on a different website via a direct web link.
When this happens, the original website owner must cover and pay for these server resources each time a web browser wants to load and view the asset.
If you’re a website owner or a web user in general, you might have heard about hotlinking. Many webmasters consider it bad practice because it can put websites at a significant disadvantage.
For example, Website B’s owner found a funny meme on Website A and decided to use it on their website. But instead of saving the image on their computer and reuploading it, the owner of Website B links the image directly from Website A to instantly show it on their site.
Even though people can see the meme on Website B’s site, the origin server is still storing it. In other words, server resources from Website A are used every time a user views the hotlinked image. If Website B receives high traffic, a significant amount of Website A’s server resources will be used.
This article will explain why you should avoid hotlinking and how to stop doing it. For web administrators, we provide four methods to protect your website from hotlinks: using hPanel, an FTP client, a content delivery network (CDN), and WordPress plugins.
Reasons to Avoid Hotlinking
It’s a fact that hotlinking negatively impacts website owners the most. For those who do it, hotlinking might seem like an easy way to acquire website assets, but in reality, hotlinking can harm them too.
Let’s go over the five main reasons why you should avoid hotlinking at all costs:
- Reusing assets without permission is unethical. Reusing content assets without authorization is theft. Unless the content is under the creative commons license, you have to acquire the permission and rights before using it on your site.
- Hotlinking can have legal repercussions. Hotlinking copyrighted content can lead to legal and monetary consequences. If the original owner sends the perpetrator a copyright infringement notice and the perpetrator fails to respond, the original owner can file a lawsuit.
- You have no control over the hotlinked file. A hotlinked image is connected to the original website. If the original owner decides to modify or delete the content at any time, the changes will also be shown on the perpetrator’s website.
- Hotlinking makes you appear unoriginal and unprofessional. Due to the bad reputation of hotlinking, adopting this practice can poorly reflect on you. People may assume that you lack originality and don’t respect other users’ rights.
- You would be leeching off another website owner’s resources and increasing their hosting costs. Every time someone views a hotlinked image, it eats up the origin server’s bandwidth. So, the perpetrator is not only stealing content but also stealing website resources from the original owner.
How to Stop Hotlinking
Now that you’ve learned why you should stop hotlinking, you might be wondering what to do instead when you would like to use images from other websites.
The most important part is making sure that you’ve been given the authorization to use the image. There are some images that you can acquire by simply asking for the owner’s permission. Others are under a strict legal license – for example, copyrighted photographs.
Once you’ve received the permission or took care of the legal process, you should upload the file to your own host or use a third-party provider. For images, use an image hosting service like Imgur. This way, you will not be stealing bandwidth from the original website owner.
If, for any reason, you can’t acquire the image you want, try these alternatives:
- Find a similar replacement. You might still be able to deliver the same message with a different image. For example, if there’s a specific photo you can’t get, try acquiring a similar one from another source, such as a stock image service like Unsplash, Shutterstock, and Pexels.
- Link the page, not the image. If you can’t replace the image with a similar alternative, consider adding a link to the image’s original web page. You might not be able to show the image exactly as you wanted, but your visitors will still have the opportunity to see it by clicking on the link you provided.
How to Protect Your Site From Getting Hotlinked
Putting hotlink protection in place is very important to prevent issues related to content and bandwidth theft.
Before you proceed, keep in mind that hotlink protection won’t hurt your website’s presence in search results. As long as you don’t block search engines from indexing your images, your search engine optimization (SEO) efforts will be unaffected.
Let’s go over four different methods to protect your assets from getting hotlinked.
Method 1: Accessing hPanel Settings
If you host your website on Hostinger, you can set up hotlink protection right from hPanel. The process should be similar on other control panels. Follow these steps:
- Log in to your hosting account and head to the dashboard.
- Under Advanced, select Hotlink Protection.
- Under Block direct access to these extensions, choose which file extensions you would like to protect. Once applied, visitors won’t be able to view the direct links attached to the file extensions you’ve selected.
- In the Redirect blocked requests to this url field, you have the option to enter the URL of an error page you want to show visitors who attempt to hotlink your website.
Method 2: Using an FTP Client
Another option is to edit your website’s .htaccess file by accessing it through an FTP client like FileZilla or the file manager on your hosting account’s control panel.
Keep in mind that this method involves editing your website’s code, so be careful – a small error can render your site unusable.
- Once you’ve connected to your website’s FTP or opened up the file manager, navigate to the public_html folder.
- Within the public_html folder, find the .htaccess file and download it.
- On your computer, make a copy of the original .htaccess file in case something goes wrong.
- Open the .htaccess file using your preferred text editor.
- Copy and paste the following code into the file:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L]
- Change yourdomain.com to your site’s actual domain.
- Save the edited .htaccess file and upload it back to the public_html folder.
Method 3: Using a CDN
Using a content delivery network (CDN) for your website has many benefits. A CDN can increase content delivery speed, providing a better performance for your visitors. It can also offer asset management features for website administrators, hotlink protection being one of them.
The process of activating hotlink protection will vary depending on the CDN provider you use. The following tutorial will go over how to set up hotlink protection on two popular CDN providers – Cloudflare and KeyCDN.
Here’s how to activate hotlink protection on Cloudflare:
- Log in to your Cloudflare account and navigate to the dashboard.
- Select the Scrape Shield app, which is located on the right of the apps bar.
- Switch Hotlink Protection on.
The Scrape Shield app by Cloudflare specifically prevents image hotlinking and supports .gif, .ico, .jpg, .jpeg, and .png file types.
Here’s how to activate hotlink protection on KeyCDN:
- Log in to your KeyCDN account and go to the dashboard.
- Select Zone Referrers from the sidebar.
- Click Add Zone Referrer.
- Enter the URL of the zone referrer. Zone referrers are the URLs that are allowed to view direct links of your website assets. URLs that aren’t included in the zone referrers will be blocked.
- Select the Zone from the drop-down menu.
- Click Add to save your settings.
- Feel free to add multiple zone referrers.
Method 4: Using a WordPress Plugin
If you use WordPress as your website’s content management system (CMS), there are several WordPress plugins available that can prevent hotlinking. We’ll go over three of them.
The first one is the All In One WP Security and Firewall plugin, which can automatically edit your website’s .htaccess file to prevent hotlinks. Follow these steps to set it up:
- From the WordPress dashboard, install the plugin and activate it.
- Navigate to the WP Security menu → Firewall → Prevent Hotlinks.
- Select Check this if you want to prevent hotlinking to images on your site.
- Click Save Settings.
Another plugin you can use is WP Content Copy Protection & No Right Click. This plugin can block visitors from copying text and right-clicking on your website. If you enable the right-click prevention, your visitors won’t be able to find or save the direct link to your content files.
Here’s how to enable the right-click protection on your site using this plugin:
- Install and activate the plugin.
- Click Copy Protection from your WordPress dashboard’s sidebar.
- Select the Premium RightClick Protection tab.
- Select the types of pages where you want to enable right-click protection. You can allow it on Posts, the Homepage, and other Static pages.
- Click Save Settings.
Secure Copy Content Protection and Content Locking is another option to disable right-click and asset copying. Here’s how to set it up:
- Install and activate the plugin.
- From the WordPress dashboard, navigate to Copy Protection → Options.
- Make sure that both Disable right-click and Disable right-click for images are ticked. Tick Show Message to give your visitors a message when they attempt to right-click on your site.
- Click Save Changes.
Conclusion
Hotlinking is the act of copying assets, usually images, by linking the file directly from other websites without authorization.
It is a bad practice that negatively impacts web administrators. Hotlinking another website’s images can take up a significant amount of bandwidth on its server and infringe on its owners’ copyright.
We’ve explored different reasons why you should never hotlink and what you can do instead to obtain and share content assets. We also went over four methods to protect your website from hotlinking.
We hope that this article has helped you find better ways to acquire content and keep your site safe from bandwidth theft. Good luck.
Suggested Reading
How to Diagnose and Fix a Hacked Website
Website Optimization
How to Clear Browser Cache and History
How to Inspect Element
How to Download a Website Backup
How to Check Your Website’s PHP Error Log
Hotlinking FAQ
Is Hotlinking Legal?
While hotlinking is considered bad manners in the online community, it’s not illegal in the EU or in the US to embed images without permission.
What Does No Hotlinking Mean?
‘No hotlinking’ is a request aiming to limit others from directly linking to your website’s assets, and subsequently, stealing your website’s bandwidth.
What Is Hotlinking Protection?
When you have hotlinking protection enabled, nobody can directly link to your website’s assets (like images and videos). This way, you can reserve bandwidth and ensure your website works the way it should.