What Is Hotlinking and the Best Ways to Set Up WordPress Hotlink Protection

Hotlinking is displaying someone else’s media file (image, video, audio, etc.) on your site through a direct link to where it is hosted. It’s a controversial practice that may be regarded as unethical and can be illegal in some cases. Hotlinking can cause a huge drain on the bandwidth of the source site. Whether you hotlink other people’s images or not, there are people out there who will do it to your site. If you want to save your resources, you must prevent image hotlinking.

In WordPress, there are several ways to serve media on your site. Serving images by direct link is a feature that bandwidth thieves misuse. No worries: there are ways to prevent image hotlinking in WordPress, and that is what we will talk about today.

What is Hotlinking

Hotlinking is the practice of serving images or other media files through a direct link to another website’s servers. For example, you find an image on a website and use its link to display it on your site. The image appears on your site, but it is served from a different location. It’s unfair and unjust to the host site unless you have explicit permission to do so.

Why Should You Protect Your Images from Hotlinking

I would ask why shouldn’t you. Hotlinking will eat up your bandwidth without doing anything good for your website. You may have to pay extra bucks for the bandwidth of traffic that is not yours. You should protect your website media files from hotlinking for the following reasons.

  • Hotlinking is a Bad Practice: While the use of people’s assets without proper permission is illegal, hotlinking is worse than that. It directly uses people’s resources.
  • Costs Extra Bucks for Original Sites: If a site with larger traffic volume hotlinks your media, more of your bandwidth will be used, and that will cost you more money than usual.

Why Should You Avoid Hotlinking Too?

If you serve other people’s images on your site via hotlinking, the images can disappear if the host site changes the link or takes any measure to prevent hotlinking. So hotlinking affects not only the host site but also the site that displays the images. This is why you should avoid hotlinking too.

How to Recognize Image Hotlinking

You cannot detect hotlinking unless you look for it. When you are experiencing poor website performance, you should check whether it is caused by hotlinking. You can detect image hotlinking by using Google Images.

Search Google with the following query and click on Images.

inurl:yourwebsite.com -site:yourwebsite.com

If you want to check hotlinked images of Themeum.com, you should search Google with the command below and click on Images.

inurl:themeum.com -site:themeum.com

The search engine will display hotlinked images along with the sites. 
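Your own access log shows hotlinking more directly than a search engine does, because it records the Referer of every image request. The following is an added example, not part of the original article: it totals image hits and bytes per external referring host, assuming the Apache/NGINX "combined" log format; the log lines are constructed and yourdomain.com is the article's placeholder.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in the Apache/NGINX "combined" log format.
SAMPLE_LOG = '''\
203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-content/uploads/hero.jpg HTTP/1.1" 200 524288 "https://yourdomain.com/blog/" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /wp-content/uploads/hero.jpg HTTP/1.1" 200 524288 "https://forum.example.net/thread/42" "Mozilla/5.0"
198.51.100.8 - - [10/Mar/2024:10:00:03 +0000] "GET /wp-content/uploads/hero.jpg HTTP/1.1" 200 524288 "https://forum.example.net/thread/42" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2024:10:00:04 +0000] "GET /wp-content/uploads/logo.png HTTP/1.1" 200 20480 "-" "curl/8.0"
192.0.2.10 - - [10/Mar/2024:10:00:05 +0000] "GET /wp-content/uploads/chart.PNG HTTP/1.1" 304 0 "https://blog.example.org/post" "Mozilla/5.0"
192.0.2.11 - - [10/Mar/2024:10:00:06 +0000] "GET /about/ HTTP/1.1" 200 9000 "https://blog.example.org/post" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)"')
IMAGE_RE = re.compile(r'\.(?:jpe?g|png|gif|svg)$', re.IGNORECASE)


def is_own_host(host, own_domain):
    """True for the site itself and any of its subdomains."""
    return host == own_domain or host.endswith('.' + own_domain)


def hotlink_report(log_text, own_domain):
    """Return {external referer host: [hits, bytes]} for image requests."""
    report = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Ignore unparsable lines and non-image paths (query string stripped).
        if not m or not IMAGE_RE.search(urlsplit(m['path']).path):
            continue
        host = (urlsplit(m['referer']).hostname or '').lower()
        if not host or is_own_host(host, own_domain):
            continue  # no Referer ("-") or a request from our own pages
        entry = report[host]
        entry[0] += 1
        entry[1] += 0 if m['size'] == '-' else int(m['size'])
    return dict(report)


if __name__ == '__main__':
    rows = hotlink_report(SAMPLE_LOG, 'yourdomain.com').items()
    for host, (hits, size) in sorted(rows, key=lambda kv: -kv[1][1]):
        print(f'{host:30} {hits:5} hits {size:10} bytes')
```

To run it against a real log, pass the file's contents as `log_text`.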

How to Prevent Hotlinking in WordPress

Whether or not any of your website’s media resources have been hotlinked, you can take preventive measures at any time. It’s quite easy to prevent hotlinking with the methods we show you here. Follow any of the ways below to prevent hotlinking on WordPress sites. The details follow this quick overview.

  • Prevent image hotlinking in webserver
  • Block hotlinking using CDN
  • Hotlink protection in cPanel
  • Use a WordPress plugin for hotlink protection

Prevent Image Hotlinking in Webserver

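You can prevent hotlinking by adding a short snippet to the .htaccess file of your Apache webserver. Copy the snippet below and paste it into your website’s .htaccess file.

 RewriteEngine on
 # Refuse image requests whose Referer is not your own site.
 # The dot is escaped and the host ends at "/" or end of string,
 # so look-alike hosts that merely start with your domain do not match.
 RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com(/|$) [NC]
 RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]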
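A Referer pattern that is not anchored after the host name also accepts look-alike hosts. The following added example (not from the original article) mimics the RewriteCond/RewriteRule decision in Python and compares an unanchored pattern with an anchored one; the referers are constructed and yourdomain.com is the article's placeholder.

```python
import re

# Unanchored pattern (unescaped dot, nothing after the host) and an
# anchored variant where the host must be followed by "/" or the end.
LOOSE = r'^http(s)?://(www\.)?yourdomain.com'
STRICT = r'^https?://(www\.)?yourdomain\.com(/|$)'
IMAGE = re.compile(r'\.(jpg|jpeg|png|gif)$', re.IGNORECASE)

# Constructed Referer values; '' stands for a request with no Referer header.
REFERERS = [
    'https://www.yourdomain.com/post/',
    'https://yourdomain.com',
    'https://yourdomain.com.example.net/page',
    'https://yourdomainxcom.example/',
    'https://other.example/gallery',
    '',
]


def is_blocked(referer_pattern, path, referer):
    """Mimic: RewriteCond %{HTTP_REFERER} !PATTERN [NC] + RewriteRule ... [NC,F]."""
    cond_true = re.search(referer_pattern, referer, re.IGNORECASE) is None
    return cond_true and IMAGE.search(path) is not None


def compare(path='/wp-content/uploads/photo.JPG'):
    """Return {referer: (blocked by LOOSE, blocked by STRICT)}."""
    return {r: (is_blocked(LOOSE, path, r), is_blocked(STRICT, path, r))
            for r in REFERERS}


if __name__ == '__main__':
    for referer, (loose, strict) in compare().items():
        print(f'{referer or "(no Referer)":45} loose={loose!s:5} strict={strict}')
```

The Referer header is supplied by the client, so this rule limits casual embedding on other pages; it is not an access control. Note also that both patterns block requests that carry no Referer at all.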

Prevent Image Hotlinking in NGINX server

Copy the snippet below and paste it into your NGINX config file.

 location ~ \.(gif|png|jpeg|jpg|svg)$ {
     # Allow requests with no Referer, search engines, and your own domain.
     valid_referers none blocked ~\.google\. ~\.bing\. ~\.yahoo\. yourdomain.com *.yourdomain.com;
     if ($invalid_referer) {
         return 403;
     }
 }

If you use any other webserver, please check its documentation.

Block Hotlinking Using CDN

Some CDN providers have a pre-built image hotlink protection system. Services like KeyCDN and Cloudflare have great built-in hotlink protection for free that you can enable easily. If you are using such a CDN, check whether it offers hotlink protection, and enable it if it does.

Hotlink Protection in cPanel

If your host uses cPanel on your site’s server, you can use its hotlink protection tool as well. Go to your cPanel, scroll down to Hotlink Protection, and click on it.

Click on Enable to activate hotlink protection.

Take a look at the cPanel documentation to learn how to enable it in the settings.

Use a WordPress Plugin for Hotlink Protection

A few WordPress plugins, such as All In One WP Security And Firewall, can prevent or take measures against hotlinking. For example, the built-in system in the All In One WP Security And Firewall plugin helps you prevent hotlinking in an easy way.

We’ve shown 4 different ways to prevent hotlinking on WordPress sites. You can follow whichever you prefer. You should be careful about your website resources and protect them by any means possible to ensure better performance for your visitors. If you protect your media assets from hotlinking, you will save your bandwidth from being misused and improve your site performance. Visit the Themeum blog for more such tutorials and tips, and share your ideas with us in the comments.