How to Enable Hotlink Protection: A Complete Guide
access_time
hourglass_empty
person_outline

How to Enable Hotlink Protection: A Complete Guide

If you have a media-rich website, the last thing you want to find is people stealing your content by hotlinking. To prevent such actions, you’ll have to enable hotlink protection. In this article, we’ll cover four ways on how you can do just that.

What is Hotlinking?

Hotlinking is the act of directly linking files from other websites. It’s also known as bandwidth theft since by doing so, you’ll be using up their resources.

There are a few websites that allow this practice, like YouTube. From its sharing option, you can find an embed link:

YouTube share links However, for most websites, hotlinking is not allowed. There are two reasons for that:

  • Private digital property ‒ your site contains unique personal work. That being said, simply hotlinking to your files without permission of the owner is unethical.
  • Bandwidth usage ‒ hotlinking will eat up your website’s bandwidth whenever your files are viewed elsewhere. If you use a metered hosting plan, you’ll have to spend more to extend the bandwidth limit. Hence, hotlinking is also known as bandwidth theft.

The above reasons show that enabling hotlink protection is a crucial step if you’re managing any type of website.

4 Ways to Set Up Hotlink Protection

Configuring hotlink protection is not complicated. Here are the four methods in which you can set it up:

Disable Hotlink via Hostinger’s hPanel

Hostinger users can activate hotlink protection through hPanel. It’s quick and straightforward. First off, sign in to your hPanel:

  1. From the dashboard, go to the Other category and choose Hotlink Protection.
    Hotlink Protection option under the Others category on hPanel
  2. Select the file types that you want to protect from hotlinking on the Block direct access to these extensions section.
  3. You can enter a page address to redirect blocked requests on the Redirect blocked request to this URL option. Save it when you’re done.
    Configuring hotlink protection

Disable Hotlink With a CDN

If you’re using a CDN or Content Delivery Network, you can also enable hotlink protection. Depending on your CDN service, it can be done through the settings page.

As an example, with KeyCDN, you can restrict the HTTP referrers for direct-linking. Their Zone Referrer feature allows you to block hotlinking by setting specific domains that can access your assets. To do that:

  1. Access the KeyCDN dashboard
  2. Click on Zone Referrer
  3. Set your Referrer, usually your website’s URL
  4. Choose a Zone to map the referrer to
  5. Save your changes

If you’re using Cloudflare, you can follow these steps:

  1. Go to the dashboard
  2. Select your website as the target of the hotlink protection
  3. Under the Scrape Shield menu, you’ll find the Security option
  4. Set the hotlink protection On

Block Image Hotlinking Using the .htaccess File

You can also avoid hotlinking by modifying the .htaccess file. However, this method is preferable for advanced users only. Despite its effectiveness, tiny mistakes can bring your site down. So, be careful when applying this method:

  1. Access your File Manager from the control panel. Here, we’ll use hPanel.
    The File Manager in Hostinger's hPanel
  2. Under the public_html folder, choose the .htaccess file.
    Locate the htaccess file before downloading it.
  3. Once found, download the file. Then make a copy as a backup. You can then edit the file using your text editor like Notepad++ or Bracket. Add the following code:
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mywebsite.com [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ – [NC,F,L]
  4. Remember to replace “mywebsite.com” with your website’s URL. Save the changes.
  5. Upload the file back to the public_html folder.

You can delete certain file extensions from the provided code if using .htaccess to allow the formats to be hotlinked

This method can also be done using an FTP client, we recommend Filezilla.

Using Hotlink Protection Plugins

This last method is beginner-friendly. You just need to install a plugin and activate it.

Here are the hotlink protection plugins that are worth considering:

  • SecuPress ‒ this WordPress security plugin is an all-in-one solution to protect both your site and its content. You can simply enable the Anti Hotlink feature under the Sensitive Data category. The plugin will cost you $66/per site annually.
  • All in One WP Security and Firewall ‒  it’s a robust plugin that protects your website from any content theft, and it’s free to download. You can activate hotlink protection at the Prevent Hotlinks tab by going to the Firewall menu.
  • Disable Right Click ‒ this plugin isn’t directly related to hotlink protection, but it prevents visitors from right-clicking and copying your content.

Wrapping Up

Hotlinking is a bad practice of direct-linking other people’s website files without their permission. It can cause problems such as bandwidth and asset theft. To protect yourself from it, you’ll have to set up hotlink protection on your site.

There are four methods to activate it:

  • Through Hostinger’s hPanel
  • Using a Content Delivery Network (CDN)
  • Modifying the .htaccess File
  • Installing hotlink protection plugins

Feel free to pick whichever method that suits you and good luck!

The Author

Author

Elvinas S. / @elvinas

Elvinas is a senior server administrator at Hostinger. He monitors the infrastructure’s well-being and keeps the uptime at a maximum. Besides server management, web development has always been one of his biggest passions.

Related tutorials

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Become a part of Hostinger now!

More in Hostinger
How to Block an IP Address Using hPanel
Close