How to Stop Image Hotlinking in WordPress?

What is Image Hotlinking?

Image hotlinking is a simple linking of your images by someone else on their site. The problem here is the server resources for loading images on someone’s site will be consumed from your hosting server. Hence, image hotlinking is a big problem for site owners and you need to find a way to stop someone stealing your server’s bandwidth. Since most of the hosting companies charge based on server’s bandwidth, it is necessary to ensure that images and other resources on the site are protected from hotlinking.

How to Stop Image Hotlinking in WordPress?

There are multiple ways you can prevent others from directly linking your images.

1. Enable hotlink protection from cPanel hosting.
2. Using a plugin.
3. Adding rewrite rules in .htaccess file.

We will discuss all three options in detail.

1. Enable Hotlink Protection from cPanel

The easiest way to enable hotlink protection is to activate the feature from your cPanel hosting account. Login to your hosting account and look for “Hotlink Protection” app. Mostly you will find this app under “Security” section.

Click on the app, fill out the required details and enable hotlinking for the required resources like images.

Basically you need to fill the following important details:

• Allowed list of sites – carefully enter all the sites from which you want to access the images with direct URL links. In general you should add all www and non-www versions of the sites on which you are linking the images. As shown in the picture, you can also use wildcard matching like http(s)?://(.*)?\.webnots\.com to include all domains and subdomains of your own site.
• Restricted Files – Enter what type of files you want to restrict. For images, you can use jpg, jpeg, png, bmp and gif. If you want to restrict other resources like script files, then add those extensions as well.
• Allow Direct Requests: Ensure to select the “Allow direct requests” checkbox to enable accessing the images with the direct URL on the browser.
• Redirect URL – When someone clicks on the hotlinked image they will be redirected to the URL mentioned here. For example, you can point to the localhost IP 127.0.0.1 to redirect to localhost when someone clicks on the hotlinked image. You can also leave this field blank.

After entering all the details, click “Submit” button to enable image hotlinking protection for your site.

2. Using All in One WP Security Plugin

If you do not have access to cPanel hosting or not using cPanel then the alternate way is to use plugin for preventing hotlinking. This is a good options when using custom hosting setup like SiteGround or any other managed WordPress hosting company. We checked as many as plugins and found All in One WP Security plugin offers this feature along with many other useful security functions.

• Install and activate All in One WP Security and Firewall plugin on your WordPress site.
• Navigate to “Security > Firewall” section.
• Enable “Prevent Image Hotlinking” option available under “Prevent Hotlinks” section.

3. Modifying .htaccess File

The plugin basically modifies .htaccess file and adds the rewrite rule. If you already have another security plugin on your site then it will not make sense to add additional plugin only for enabling hotlink protection of images. Instead you can modify .htaccess file and add the following code. Make sure to replace “yoursitename.com” with your own site URL.

# START Prevent Image Hotlinking
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
RewriteCond %{HTTP_REFERER} !^https://yoursitename.com [NC]
RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
</IfModule>
# End Prevent Image Hotlinking

What Will Happen When Your Images are Linked?

When someone links the URL of your images on their site, the image will not appear. When clicking on the image link, it will lead to “403 – Forbidden Error”.

If there are already linked images on other’s site then the resource will be restricted as shown below or will lead to 403 error. You will see error message like “The requested content cannot be loaded. Please try again later.” in the browser’s console.

If the redirect request is enabled to localhost then clicking on the hotlinked image will redirect to the localhost IP address 127.0.0.1 thus saving your server bandwidth.

Conclusion

Whether you enable hotlinking protection from cPanel or use plugin or add rewrite rule in .htaccess file, it is highly needed step to save your server’s bandwidth. This will also save the cost of hosting and utilization of your resources by unknown sites.