How to Prevent Hotlinking in WordPress?

Introduction:

Hotlinking is a common issue for website owners where external websites directly link to your website images, videos, or other media files, consuming your server bandwidth. This can drain your website's bandwidth, slow down performance, and increase hosting costs.

In this article, we will explain different effective methods to prevent hotlinking on your website.

What is Hotlinking?

Hotlinking occurs when another website uses an image or multi-media file of your website by linking directly to it instead of uploading the file to their own server. This means that every time someone visits their website and loads the page, your server has to send the file to them. This uses your server's resources and bandwidth even though the file is being displayed on someone else's site.

Why Should You Prevent Hotlinking?

There are several reasons you should prevent hotlinking.

1. One is that it helps reduce bandwidth consumption because hotlinking can slow your website down if your server is handling additional traffic.

2. Hotlinking also helps prevent unauthorized use of your content as it helps protect your images and media files from being used on other websites.

Method 1. Prevent Hotlinking Using the .htaccess File

One of the most effective ways to prevent hotlinking is using the .htaccess  file.  Kindly follow the steps mentioned below to enable the hotlink protection using the .htaccess file.

Step 1. Access your WordPress site files via FTP or cPanel File Manager.

Step 2. Navigate to your WordPress root directory via FTP/cPanel (e.g., /public_html) and locate the .htaccess file. If .htaccess does not exist, you can create the .htaccess file.

Step 3. Right-click on it and select Edit. A dialog box will open. Click the Edit button in the bottom right corner of this dialog box. It will open the .htaccess file in editing mode.

Step 4. Add the following code at the bottom of the file:

Explanation: This rule will block requests for specified file types unless the referrer is your domain or empty (direct access).

Step 5. Click on the Save Changes button to save the .htaccess file.

Step 6. Check your website and ensure images load correctly on your site and are blocked when linked externally.

Method 2: Using WordPress Plugin.

You can also use the Wordpress plugin to Prevent Hotlinking for your WordPress website.

Step 1. Log in to your WordPress dashboard.

Step 2. Navigate to the Plugins option on the screen's left side and click on the Add New option.

Step 3. Once you click on it, the Add Plugins window will open. Go to the Search box (Search Plugins) and type the plugin name named All-In-One Security (AIOS) – Security and Firewall.

Step 4. Next, click on the Install Now button to install the All-In-One Security (AIOS) – Security and Firewall plugin on your WordPress site.

Step 5. After the installation, you need to click on the Activate button to use that plugin for your WordPress site.

Step 6. Once you click on the Activate button, it will activate, and you can see it under the Plugins -> Installed plugins option.

Step 7. A new menu for WP Security will appear in the sidebar.

Step 8. Go to WP Security → File security section →File protection.

Step 9. Click on the  Prevent hotlinking tab and enable Prevent image hotlinking.

Step 10. Click on the Save Settings button.

Method 3: Enable Hotlink protection from cPanel.

Step 1. Log in to cPanel.

Step 2. Click on Hotlink Protection under the Security section.

Step 3. Click the Enable button to activate hotlink protection.

Step 4. To protect a domain, make sure it's listed in the URLs to allow access section.

Step 5. Take a look at the blocked file types list. In order to better protect your media, the most popular image types are already blocked by default, but you can add other file extensions.

Step 6. Check the Allow direct requests box to enable direct requests (via a specific URL).

Step 7. The last step is to enter a URL if you want to redirect hotlink requests.

Step 8. Click on the Submit button.

Now, only the websites specified in the "URLs to allow access" text box are permitted to access certain resources (such as images) on your server. Any request from an unlisted website will be blocked from accessing these protected resources.

Method 4: Using Cloudflare Scrape Shield

If you are using the Cloudflare service for your website,  you can also enable hotlink protection from the Cloudflare dashboard for your website.

Step 1. Log in to your Cloudflare account and select your domain.

Step 2. Go to the "Scrape Shield" tab from the left-side menu.

Step 3. Scroll down to "Hotlink Protection" and toggle it ON.

After enabling the toggle, hotlink protection is now active for your domain. This setting will block requests from other sites attempting to display your images and media files, helping you conserve bandwidth.

Method 5: Enable Hotlink protection from Plesk.

If you are using the Plesk hosting control, you can use the Plesk panel to enable the hotlink protection for your website. 

Step 1. Log in to your Plesk account.

Step 2. Go to Websites & Domains and find the website’s name.

Step 3. Click on the Hotlink Protection under the Security section.

Step 4. Click on the check box to Enable hotlink protection.

Step 5. You can also enter the file extensions that you want to secure using hotlink in the Protected files extensions section. (For example, jpg, bmp). White spaces should be used to separate the expansion.

Step 6. Click on the Save button.

Conclusion:

Hotlinking can negatively impact your website’s performance and increase the web hosting costs. By implementing hotlink protection using .htaccess, Wordpress security plugin, or Cloudflare you can secure your website from unauthorized media usage. You can choose the method that best suits your expertise and hosting environment.

In this article, we’ve discussed different methods to prevent hotlinking for the WordPress site.

If you encounter any issues while enabling hotlinking on your WordPress site, feel free to contact us via chat or ticket. Our support team will assist you.