As a website administrator, you have to be vigilant in protecting your website and data from potential security threats. In addition to assessing your site security from all angles, such as identifying and addressing vulnerabilities and potential exploits, youāre also responsible for guarding the bandwidth you pay for. One way to protect against bandwidth theft through hotlinking is by utilizing a reliable security plugin. Hotlinking is a method internet users employ to piggyback off your bandwidth. This could cost you money if you donāt prevent it.
In this article, weāll go over what hotlinking is, why itās a problem for your WordPress website, how to tell if someone is hotlinking from your site, and how to prevent it from happening in the future.
Letās jump right into it.
- 1 What is Hotlinking?
- 2 Why Hotlinking is Bad for Your Website
- 3 How to Tell if Someone is Hotlinking Your Images
- 4 How to Prevent Hotlinking on Your WordPress Website
-
5
Hotlinking Frequently Asked Questions
- 5.1 How do I know which hotlink protection method is right for me?
- 5.2 Iāve protected my website from hotlinking, but someone was able to steal my content before I disabled right-clicking. How do I get them to remove it?
- 5.3 I disabled right-clicking on my site, but someone still took screenshots and is using the screenshots anyway. What should I do?
- 6 Summary
What is Hotlinking?
Essentially, hotlinking is the theft of your bandwidth and specific assets from your website. It involves an internet userāwhether thatās another web designer or a blogger posting on another siteātaking the source code from a piece of your media and linking directly to it from the site theyāre working on. The content they link to could be a photo, graphic, video, or other piece of visual media hosted in your siteās space.
Rather than using their own bandwidth to host the media, they link to yours so it will display on their site or post. They donāt bother to upload the image to their own hosted space. Oftentimes, people who hotlink also arenāt using the media with your permission or the necessary licenses to do so. When this happens, you can bet theyāre also skipping the all-important step of attributing the content to its original owner or creator.
As though stealing your site bandwidth wasnāt bad enough, hotlinking often amounts to copyright infringement. A user might be lifting your intellectual property (IP) without asking, or using a stock photo they didnāt purchase a license for. Although they may not be aware of the gravity of the situation, hotlinking can actually land the offender in hot water with both you and any other owner of the media theyāre using.
Why Hotlinking is Bad for Your Website
Hotlinking is bad for your website because the offending user is using bandwidth resources youāre paying for. In extreme situations, thatās like a neighbor filling their swimming pool with water from your hose: they get the water, and youāre stuck with the bill.
Not only does hotlinking equate to the theft of your resources; it could also mean theft of your IP. Itās bad enough to have someone lift your bandwidth, but stealing resources you worked to create for your audience takes it to another level. Your best bet is to learn how to identify whether your images or videos are being hotlinked, then implement measures to keep it from happening again.
How to Tell if Someone is Hotlinking Your Images
When someone hotlinks your images, they use your image URL to link back to your site. This method pulls your image (or other media) onto their site and displays it. Right-clicking on someoneās site to inspect the imageās source code will tell you right away if theyāre hotlinking.
Sometimes, when someone is hotlinking your images, you might experience a dip in your websiteās performance. You may also learn that youāve exceeded your allotted amount of bandwidth, and your web host is going to charge you more for the amount youāre using. If this is the case, youāll need to investigate further to find out whether someone else is pulling from your space.
How to Find Hotlinks Via Google Images
Thereās a simple method you can use to check for hotlinked images via Google Images. Youāll need to open a new browser tab and navigate to Google Images, then enter the following command line in the search bar. (Be sure to replace āwebsiteurl.comā with the correct URL.)
inurl:websiteurl.com -site:websiteurl.com
In this case, we checked out the Elegant Themes website, so the command looked like this:
inurl:elegantthemes.com -site:elegantthemes.com
Your search results may yield images that are currently being hotlinked from your website. However, donāt assume that just because your images show up, theyāre being hotlinked. Sometimes, they are not. Itās important to keep that in mind before you begin. For example, our search results yielded a number of sites that feature Elegant Themes images, but upon further inspection of the source code, we found that many were not hotlinked.
When we entered the command into Google Images, here are the results we got. For privacy purposes, I covered the URLs because in this case, I didnāt run across hotlinked images.
This search allows you to see both branded images and the sites they appear on. Proceed with caution, though: sometimes, the search results might include your images, but the images may not be hotlinked at all. To investigate further, you can right-click on each image and inspect its source code. This will tell you whether the image is being hotlinked from your site.
Luckily, there are some solid ways to prevent hotlinking to media on your WordPress, so letās look at those next.
How to Prevent Hotlinking on Your WordPress Website
Preventing internet users from hotlinking on your WordPress website is fairly straightforward. There are some basic ways you can do this yourself, as well as plugins that help make the job simple.
Change Your Image Filenames Or Move Your Images
One quick way to keep your images from displaying on someoneās website is to simply rename your files or move the images to a different folder. This will immediately break any links the offenders are using on their sites. Of course, itās really a temporary fix. They can always come back and lift the new filenames from your site later.
Swap Out Your Images
While this method still uses your bandwidth, a great way to make an impression on hotlinkers is to swap out your images. In other words, upload a new image with the same filename that indicates, to the hotlinkersā site visitors, that theyāve stolen your property. Doing this wonāt ease your site storage woes, but it will get your point across.
A great example of this is when Matthew Inman, creator of The Oatmeal, called out The Huffington Post in 2015 for hotlinking comics from his website without permission. He swapped the stolen images out with an image of his site hosting bill, in addition to humorous drawings to troll the online publication.
Insert Code Into Your .htaccess File
You can insert code into your .htaccess file (accessed via your FTP client) that prevents other internet users from hotlinking your assets. Login to your FTP client of choice, such as FileZilla, then navigate to your public_html folder to locate .htaccess.
Before you begin, make sure to make a copy of your .htaccess file and save it locally in case you run into problems. (Itās also a good idea to make a backup of your site before you work in this file.) Once youāve made your backups, open your .htaccess file to edit. Simply right-click the file and choose āView/Editā from the drop-down menu, and it will open in your default text editor.
Youāll need to add the following lines of code to the file (remember to replace āsiteURL.comā with your websiteās URL):
RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?siteURL.com [NC] RewriteRule \.(jpg|jpeg|png|gif|bmp|tif|tiff)$ - [F]
Thatās it! Your hosted media should now be protected from hotlinking.
Prevent Hotlinking Via Your CDN
If youāre using a content delivery network (CDN) such as Cloudflare, Sucuri, or KeyCND, you likely have an option to block hotlinking from the CDN itself. For Cloudflare users, for example, the CDN has a feature called Scrape Shield that you can enable to protect your content from being hotlinked. It also protects email addresses and content from the server side.
Prevent Right-Clicking On Your WordPress Site
Itās possible to prevent users from right-clicking on your WordPress site to save your images, or to grab the image URL for hotlinking. You can install a plugin such as WP Content Copy Protection & No Right Click to get started.
The plugin has multiple content protection features beyond right-click prevention, including preventing users from highlighting and copying the text on your site. Other plugins that disable right-clicking on your WordPress site include Disable Right Click for WP and No Right Click Images Plugin.
In addition to installing a content protection plugin, itās also a good idea to consider watermarking your images. You can read about our favorite watermark apps here.
Hotlinking Frequently Asked Questions
How do I know which hotlink protection method is right for me?
Your chosen method of hotlink protection really depends on your needs and your technical abilities. For example, if you donāt tend to work on your siteās code, adding a command to your .htaccess file might not be the best option for you (of course, you could ask your developer for help if youāre working with one). If youāre working with a limited budget, you wonāt want to swap out your images to make a point on someone elseās siteāinstead, youāll want to prevent that bandwidth from being used at all. Consider your individual needs, then select the solution that feels like a fit.
Iāve protected my website from hotlinking, but someone was able to steal my content before I disabled right-clicking. How do I get them to remove it?
You can issue a DMCA takedown notice to start the process of getting your IP removed from offending websites. Ensure you have a copyright notice on your website, and register it with the U.S. Copyright Office for extra protection. You can read about how to do that here.
I disabled right-clicking on my site, but someone still took screenshots and is using the screenshots anyway. What should I do?
You can issue a DMCA takedown notice for the copied content. In the future, consider watermarking your images so that even if someone takes a screenshot, that watermark will still show up. It will indicate to their site visitors that theyāve lifted content from somewhere else on the web.
Summary
Hotlinking can be an aggravating and costly issue when you run a WordPress website. Thankfully, itās preventable so that you can protect your content and bandwidth, and go about your business. With the right combination of tools and protective measures, you can prevent a wide range of digital theft.
Do you use any form of hotlinking protection on your WordPress site? Tell us about it in the comments.
Article featured image by astel design / shutterstock.com
Hi, I have used the hotlink prevention method before, I think using my CPanel.
However, when I did this, the featured images when shared on social media sites, e.g. FB, LinkedIn, etc, don’t show up, so that created a problem. So in the end I deactivated this method in order to get my images to appear on social media posts for better promotion.
Also, when I used the hotlink prevention, I also lost a lot of backlinks.
Is there a way to prevent hotlinking without having these 2 problems?
Excellent compilation to avoid hotlinking, don’t forget also that through the popular hosting managers like cPanel or Plesk there is also an option to avoid it, maybe for a medium-low knowledge user it will be easier.
Haley, thanks for this post, I actually checked my site and, although I canāt find any hot-links that are obvious, I did find a website that came up with the link you provided, and when I checked the code on that site, there are 32 mentions to my website URL but I am not sure what is it doing or what is it linking to.
I added the code to my .htaccess file but Iād love to know whatās really going on behind that website. I donāt know if itās alright to post the result I get here, so first I want to check with you, as I am sure I am not the only one out there with this issue, but many of people donāt really know how to check the code behind a site.
Any help you could give me to understand whatās going on would be greatly appreciated.
Thanks!! A timely post! Watching some random traffic and sure enough, a couple of images were being pirated away!