How to Prevent Image Hotlinking in WordPress


Some of the most precious commodities of any website are its images. Unfortunately, these are the resources that many users try to leech off unsuspecting, ignorant website owners. A common way in which this leeching takes place is through image hotlinking. Luckily, it is really easy to prevent image hotlinking in WordPress.

This post aims to shed more light on image hotlinking in WordPress, how it works and how website owners can protect their sites from it.

What is Image Hotlinking?

Image hotlinking is when someone embeds images from your site on theirs by linking to them directly on your website. For example, if someone finds an image they want on your website, instead of saving the image file and uploading it to their own site for display, they use the URL of the image directly on their site. This way, the image appears on their site but is served from your website. This can cause a somewhat noticeable strain on your overall bandwidth, subsequently slow down your site and increase your hosting bill.

How to Check Your Images for Hotlinking

One of the easiest ways to find out if your site’s images are being hotlinked is to use Google images. All you have to do is enter the following command in Google image search:

This prompt will look for all images on your website and sieve out every entry that bears your site’s URL, thus showing you the results of people who are possibly hotlinking your images. This method is not foolproof; however, it is a good method and will give you a great head start on protecting your website.

How to Prevent Image Hotlinking in WordPress

There are a few methods to prevent hotlinking in WordPress. You will have to carry out minor editing on certain files in your installation, but not to worry; we will walk you through the entire process.

Prevent Hotlinking in Apache Servers

If your WordPress site runs on an Apache server, you will have to edit your .htaccess file. Navigate to the root directory where WordPress is installed using an FTP client like FileZilla. Once in the root directory, edit your .htaccess file and add the code snippet after the very last line:
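An added example of such a rule set, written to match the description that follows; it is not the original post's snippet. The allow-listed search and social domains and the placeholder URL `https://placeholder-host.example/hotlink.png` are assumptions to replace with your own values.

```apache
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com(/|$) [NC]
# Added example, not the original post's snippet. Comments start below line 3
# so that line 3 is still the one holding yourdomain.com.
# Line 2 lets requests with no Referer through (direct visits, privacy tools
# and proxies that strip the header), so legitimate visitors are not blocked.
# (/|$) closes the host name, so yourdomain.com.other.example does not match.
#
# Assumed allow list of search engines and social sites; adjust to your needs.
RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?google\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?bing\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?facebook\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?twitter\.com(/|$) [NC]
#
# Every other referrer gets the placeholder image instead. The URL below is a
# constructed placeholder on a different host: a target on this server would
# match the rule again and redirect in a loop.
RewriteRule \.(jpe?g|png|gif)$ https://placeholder-host.example/hotlink.png [NC,R=302,L]
```

Because the Referer header is set by the client, these rules deter casual embedding and save bandwidth but are not an access control for the image files.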

The above code will only allow sites that you have defined to load images from your website. In the third line, you need to replace yourdomain.com with your website’s domain.

After that, the rules allow search engines and social media sites to access your images, as you do not want to block their crawlers from displaying your images in their results. And in the final line, you can link to the image that you want to display instead of your hotlinked image. Make sure that your hotlink placeholder is not hosted on your own server.

Prevent Hotlinking in Nginx Servers

If your site runs on Nginx, you will have to put some rules in your virtual host configuration file. Open that file and insert this location block inside it:

In the above code, you will have to list the domains allowed to link to your images, as well as your own domain. Do not forget to restart your Nginx server afterward to apply this configuration.

Using Plugins to Prevent Hotlinking in WordPress

The All In One WP Security & Firewall plugin, which has over half a million active installs, provides excellent and thorough security with a built-in ability to prevent image hotlinking. You can easily download it from the WordPress repository, or install it from your WordPress Dashboard.

In conclusion, image hotlinking has become a menace to many website owners as it affects the overall website functionality by reducing performance. This can lead to a reduction or loss of potential customers over time if not effectively handled. The tools outlined in the course of this article will definitely help you protect your images from hotlinking, bring overall protection to your website and ultimately save you a lot of money, bandwidth and time.
