How to Disable Hotlink in WordPress

Updated: August 12, 2022

To a visitor’s eye, hotlinked image is just like any other image because it blends seamlessly into the page. However, hotlinking is considered bad etiquette since they embed your images on their website by linking them directly from your website, not only do they use your media without permission, but also steal your bandwidth every time their visitors load a page that has your hotlinked image.

On the internet term, hotlinking means displaying an image on a website by directly linking it to the website hosting the image. However, hotlinking is not limited only to images, as other media like video and sound can be hotlinked too.

Imagine, if one of the websites with a lot of traffic uses images or videos from your site with the hotlinking method. Since hotlinking means they use your own website hosting bandwidth, you will reach your bandwidth limit much faster than you planned before. Even if you don’t have an issue with bandwidth limit since you may have an unlimited bandwidth plan, there still may be drawbacks for you, for example:

  • It could cost your site’s performance. Since hotlinking uses the media from your site, so with each concurrence visitors load their page that has your media, it will increase the resource load on your server site which could eat your site performance and make it heavy to load and in the worst case, your site becomes inaccessible.
  • Unauthorized use of your media. You may have purchased the images from stock photo websites or commissioned original photos, hotlinking means they may benefit from you unfairly.

How to Find Out if Other Websites are Hotlinking from You

You may not realize if someone is hotlinking your media until you feel your site’s performance feel sluggish. Even though there are many reasons why a website can become sluggish, it will not hurt to start preventing the hotlinking in your site.

In this article, we will cover some methods to disable the hotlinking to prevent others from hotlinking your media. But first, let’s find out if there is a site that is hotlinking to our media.

The most simple way to do that is by using google images and google videos. By entering a simple command you can look for every image or video that has a link to your website and exclude your website from the search result. This is by no means a foolproof method since the search result might include some media that aren’t hotlinked. However, it is still the simplest and easiest way to start looking for your hotlinked media. The command looks like follows:

  • inurl:yoursite.com -site:yoursite.com (change the yoursite.com to the name of your website domain)

Once you have searched for your hotlinked media, now is time to give your site preventive measures against hotlinking by disabling the hotlinking method on your site.

How to Disable Hotlinking in WordPress

Before you start, we advise you to take a backup of your site with a backup plugin or from your server side.

There are several methods to disable hotlinking. Let’s take a look at the options we have.

  • Using WordPress Plugin
  • Disable right-click on your site
  • Using CDN with hotlink protection
  • Rename the files that are being hotlinked
  • Adding a code snippet for Apache and NGINX user

Don’t worry, we will show you the step to disable hotlinking for each method we listed above. Let’s get practical, shall we?

Method 1: Using WordPress Plugin

We start our list with the most popular way for almost any kind of need or problem you face on your WordPress website, yes it’s by using the WordPress plugin. For hotlinking prevention, we choose the All In One WP Security & Firewall plugin, one of the most popular WordPress security plugins with more than 1 Million active installations at the time of writing and have the ability to prevent image hotlinking. You can get the plugin from wordpress.org for free.

Once you installed and activated the plugin, from your WordPress admin dashboard go to WP Security Firewall then continue by going to the Prevent Hotlinks tab to activate the Prevent Image Hotlinking setting by clicking on the checkbox. Once checked, save the settings by clicking the Save Settings button.

Method 2: Disable Right Click on Your Site

The second method is by disabling the right click on your site. You might consider disabling the right-click function on your site to filter out and restrict visitors that have no idea about hotlinking and prevent them from coincidental hotlinking to your images.

With many kinds of protection ready to use including hotlinking prevention from the above method, the All In One WP Security & Firewall plugin as it stands also has the option to disable right-clicking, text selection, and copy options in one go for your website. You can activate the options by going to the WP Security Miscellaneous from your WordPress dashboard and clicking on the Enable Copy Protection checkbox option to enable it.

The disabling right-clicking method is just another extra layer of protection for your content, therefore we advise you still need to give protection from the server side of your website.

Method 3: Using CDN with Hotlinking Protection

The third method is by using a CDN (Content Distributed Network) with the option to prevent hotlinking to your website.

If you haven’t used a CDN you might be asking, why should I use one?

Since the internet can be accessed from anywhere in the world, chances are your website visitors may have come from different geographic locations. With a CDN you can bring your website content closer to the visitors since CDN uses servers in data centers in locations across the globe in high-traffic areas and strategic locations to be able to move traffic as quickly as possible thus improving your distant website’s visitor load times.

Then the next question is, how do I use the hotlink protection using a CDN?

We will explain how to prevent hotlinking by using Cloudflare CDN. Cloudflare is one of the most popular Content Distribution Network, and in Cloudflare, you can also obtain hotlink protection with a simple setup.

To activate Hotlink protection in Cloudflare, first, you need to Sign up and add the website you want to enable the hotlink protection.

Once ready, go to the Scrape Shield Setting on your Cloudflare dashboard and activate the Hotlink Protection option.

Method 4: Rename the Media File Name

If you have found your image that is being hotlinked, renaming the media files is a simple way to break the link that is being hotlinked thus the media will not be shown and they will get 404 errors displayed instead.

You can rename the files by going to the Media library from your WordPress dashboard. However, you may need a plugin to rename your uploaded media from there directly. Phoenix Media Rename is one of WordPress plugins that allows you to easily rename your media files. You can get the plugin from wordpress.org for free.

Once installed and activated, proceed to look for the image that is being hotlinked in the Media Library. Continue by clicking the image, on the appearing window, click on Edit More Details.

Once the link is clicked, you will be taken to the Edit Media page. To rename the files, you just simply need to place a new name for the files in the Filename field.

Once you give it a new name, save your changes by clicking the Update button.

This method is only a quick fix, and we recommend you use another method for larger cases of hotlinking.

Method 5: Adding a Code Snippet for Apache and NGINX User

For the last method in our tutorial, we will add a code snippet based on the web server you are using at the moment.

If you’re not sure about it, you can simply check with your hosting provider or you can use the Whatruns browser extension to find out.

Here is the example of using the Whatruns browser extension in chrome to get information on our website wppagebuilders.com.

Hosting Providers like Siteground use both Apache and Nginx together. Siteground uses Apache as its web server and NGINX as a reversed proxy that serves as their caching system to provide high-speed access for its users.

Disable Hotlinking for Apache

If your WordPress site is running on an Apache web server, first you need to open the .htaccess file in your site’s root directory. To do so, go to the file manager of your web hosting service. Depending on your hosting provider, the root directory may be a folder labeled public_html, www, htdocs, or httpdocs.

Once, opened, paste the following custom code to the end of the existing line.

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?other-websites-go-here.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]

The above code prevents sites other than yours (modify yourwebsite.com to your website domain), Google, Facebook, and Twitter from accessing your media. If you want to add another websites to the whitelist, you can do so by adding more lines to the whitelist by following the above-whitelisted site format.

You can also add more file formats to protect your sound files and videos from hotlinking by adding more items to the above code, to be precise to the following line:

RewriteRule \.(jpg|jpeg|png|gif)$ - [F]

Disable Hotlinking for NGINX

To disable hotlinking for NGINX, first, you need to open the config file which is located at /etc/nginx/ directory. Then add the following code to it.

location ~ .(gif|png|jpeg|jpg|svg)$ {
     valid_referers none blocked ~.google. ~.bing. ~.yahoo. ~.facebook. ~.twitter. yourwebsite.com *.yourwebsite.com;
     if ($invalid_referer) {
        return   403;
    }
}

The above code prevents sites other than yours (modify yourwebsite.com to your website domain), Google, Bing, Yahoo, Facebook, and Twitter from accessing your media. And same as the Apache hotlinking custom code, you can add more sites to be whitelisted by following the whitelisting format, and you can add more file formats to protect your sound files and videos from hotlinking by adding more items to the format line.

Bottom Line

You need to protect your media from hotlinking since not only do they use your image that you may have purchased the images from stock websites or commissioned original photos but also increase the resource load on your server site that could eat your site performance and make it sluggish and in the worst case, your site becomes inaccessible. Hotlinking prevention is not too difficult, with any of the methods we mentioned above may help you to prevent hotlinking to your media.

This page may contain affiliate links, which help support WP Pagebuilders. Learn more

Leave a Reply

Your email address will not be published.

Pin It on Pinterest

Thanks for commenting

Help us grow by sharing this post with your friends!

Scroll to Top

It's a minute already. Thanks for staying

Subscribe to get regular articles about page builder plugins and WordPress in general.