In the “real” world, theft is pretty universally frowned upon. But the same doesn’t hold true on the Internet, where people will happily hotlink your images and use your server’s resources to serve up your images on their websites.
Thankfully, it’s pretty easy to stop image hotlinking in WordPress and you have plenty of tools at your disposal, including both code methods via your site’s .htaccess file or a variety of helpful WordPress plugins.
In this post, I’ll briefly discuss why it’s important to prevent image hotlinking in WordPress. Then, I’ll show you four different methods that you can use to stop people from hotlinking, while still letting the people you want through, like Google image search.
Why You Want to Prevent Image Hotlinking in WordPress
If you’re not familiar with the term, hotlinking is when someone takes an image from another website – your website in this situation – and embeds it on their own website.
Even though the image displays on their website, it’s still being served from your website, which, ethics of taking other people’s images aside, is objectively bad for two reasons:
1. It Wastes Your Server Resources
As I mentioned above, your web server still has to serve up that image even if it’s being displayed on someone else’s website. So that means your server is using resources that could be used to improve your site’s performance and instead focusing those resources on someone else’s website.
On a small scale, that might not be a big deal. But if a popular site hotlinks your images or if lots of small sites hotlink over time, then that could create a noticeable drag on your server’s performance.
2. It Wastes Your Money
Once you get above the cheap shared hosts who advertise “unlimited” everything, including bandwidth, having someone hotlinking your images is going to cost you money.
See, beyond using your server resources, serving up all those images also costs you money in the form of bandwidth.
There’s a famous example of this where The Oatmeal, a popular webcomic, had its images hotlinked by The Huffington Post, a high-traffic website.
As you can see, The Oatmeal’s creator spends over $1,000 per month just on bandwidth, so he’s rightfully upset when someone uses his resources.
How to Prevent Image Hotlinking in WordPress
Ok, so image hotlinking is bad, but how do you go about stopping it to protect your server’s resources?
Thankfully, you have plenty of solutions.
When going through these solutions, though, you’ll want to remember that you might not want to block all external access to your images. For example, you still might want to let search engine crawlers through so that you can get your images featured in Google image search (if that’s part of your strategy).
Keep that consideration in mind as you go through…
1. Block Image Hotlinking in .htaccess
One easy way to block image hotlinking in WordPress is to use your site’s .htaccess file. There are two things I like about this approach:
- You can choose which URLs to still give access to, so search engine crawlers can still use your images (as can any other sites you want to allow).
- You can serve up an unauthorized placeholder image to people who try to hotlink your images. You can host this image on Dropbox or Imgur so that you don’t waste your own resources.
To use this method, you’ll need to connect to your WordPress site’s server via FTP and edit your .htaccess file.
Then, add the following code snippet:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?yourwebsite.com [NC]RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?google.com [NC]RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)?bing.com [NC]RewriteRule .(jpg|jpeg|png|gif|svg)$ https://i.imgur.com/mn8mrUV.jpg [NC,R,L]
A few notes about using this code snippet:
- Make sure to replace yourwebsite.com with the actual URL of your website. Otherwise, you’ll block your own website from using your images.
- You can add or remove search engines by deleting the relevant lines or copying and pasting to add additional search engines.
- You can replace the Imgur link in the last line with the actual placeholder image that you want to serve to people who try to hotlink your images.
2. Use Your CDN to Block Image Hotlinking
If you’re using a content delivery network (CDN), your CDN probably includes rules to help you prevent image hotlinking.
For example, if you’re using Cloudflare with WordPress, Cloudflare includes its own Hotlink Protection in the Scrape Shield section of your account dashboard.
Most other CDNs also include something similar to help you protect from hotlinking – I recommend checking out your CDN’s support documentation.
3. Enable Hotlink Protection in cPanel
If your host uses cPanel, which a lot of budget WordPress hosts do, you can use a tool in cPanel to disable image hotlinking.
Typically, it’s called something like Hotlink Protection, usually under the Security section or something similar. Here’s what it looks like at Bluehost:
Once you open the tool, you’ll be able to configure how your hotlink protection works. You’re pretty much doing exactly what the .htaccess method does, but you get to use a graphical interface instead;
4. Use a WordPress Plugin for Hotlink Protection
Finally, you can also use a WordPress plugin to disable hotlink protection.
There are a few smaller plugins that you can find at WordPress.org, but the free All In One WP Security & Firewall plugin is probably your best bet.
In addition to implementing a bunch of other WordPress security rules, All In One WP Security & Firewall also makes it easy to enable hotlink protection with the check of a box:
Start Blocking Image Hotlinking in WordPress Today!
For most sites, there’s really no reason to enable image hotlinking. All it does is open you up to the chance of someone wasting your server’s resources (and maybe negatively affecting your wallet).
Thankfully, it’s pretty easy to prevent image hotlinking in WordPress. I outlined four methods and you can choose the one that works best for you:
- Use your .htaccess file
- Configure your CDN to block image hotlinking
- Use cPanel’s built-in Hotlink Protection tool
- Install a free plugin like All In One WP Security & Firewall
Do you have any questions about how to stop image hotlinking in WordPress? Ask away in the comments and we’ll try to help!
