prevent image hotlinking in WordPress

Image hotlinking is a practice that can negatively affect your site’s performance and your bottom line. However, sometimes it can be hard to notice that there’s a problem until the damage is done. That’s why it’s important to prevent image hotlinking in WordPress before it becomes an issue.

Fortunately, WordPress enables you to protect your website against hotlinking through several methods. For example, some plugins can get the job done, or you can use a Content Delivery Network (CDN) to protect your images. However, we’re partial to a more manual approach that doesn’t require you to set up any additional tools.

In this article, we’re going to talk about what image hotlinking is, how it can hurt you, and how to find out if someone’s doing it to your website. Then, we’ll teach you how to prevent image hotlinking in two short steps. Let’s do it!

What image hotlinking is (and why you should prevent it)

Image hotlinking is when someone embeds your images on their website by linking them directly from your website.

It’s bad enough when people use your media without permission, but image hotlinking adds insult to injury since it can also slow down your site.

Let’s discuss the primary downsides to image hotlinking:

  • It negatively impacts your site’s performance. Each time someone views a hotlinked image on a different website, it’s still loading from your server. That means they’re consuming your bandwidth without even visiting your site.
  • It’s bad form to use images without permission. On top of straining your site’s performance, people who hotlink images often won’t give you proper attribution. It’s technically illegal to reproduce your content without credit, even if it’s hard to force people to take it down.

As you can imagine, the significance of these issues depends on how much traffic the site with your hotlinked images receives. If it’s a small blog, for example, it might not impact your website’s performance much. However, if a site with lots of visitors hotlinks your media, it can cause a severe strain on your own site.

How to find out if someone is hotlinking your images

In most cases, you may not realize someone is hotlinking your images until you start to see a reduction in your site’s performance. Even then, there are dozens of reasons why a website can become sluggish. Therefore, your best option is to prevent image hotlinking in WordPress preemptively.

We’ll talk about how to do that in a moment. For now, let’s focus on how to find out if someone is hotlinking your images. There are several ways you can do this. For example, you can use a CDN such as Cloudflare, which includes a Hotlink Protection feature that does exactly what its name implies.

However, in our experience, the easiest way to find out if someone’s hotlinking your images is to use Google Images. You can enter a simple command that tells Google to look for your site’s images in other URLs:

inurl:yourwebsite.com -site:yourwebsite.com

This command looks for every image from your website and then removes each entry that includes your own URL. If someone is hotlinking your images, they’ll show up in the remaining results. You can also click on each image and use the Visit Site button to find out who the culprits are.

It’s not foolproof because the search might include some images that aren’t hotlinked. But it is a very good method that doesn’t require a special tool.

This is what it tells us after testing this very blog:

image search for ThemeIsle

Thankfully, you can simply block image hotlinking in WordPress altogether, which is what we’re going to do in the next section.

How to prevent image hotlinking in WordPress (in two steps)

Before we get started, you’ll need to download an FTP client such as FileZilla (if you don’t have one already). We also recommend that you back up your website, since you’ll be tweaking one of your WordPress core files. When you’re ready on both counts, you can move on to the first step.

Step 1: Open your .htaccess file

The first thing you need to do is access your website via FTP and then go to your WordPress root folder. In most cases, it will be called public_html, although some hosts default to www or your site’s name.

When you’ve found the right folder, look for the file called .htaccess. Right-click on it, and choose the View/Edit option:

Editing your htaccess file to prevent image hotlinking in WordPress.

This will automatically open the file using your local text editor so you can make modifications to it. Keep in mind that your .htaccess file tells your server how to behave and who has access to specific files and folders. You need to be careful when working with it, hence the need to back up your website beforehand.

Step 2: Add a code snippet to your file

Now that your .htaccess file is open, scroll to the end of it and paste in the following code:

/* Prevent image hotlinking in WordPress */
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?other-websites-go-here.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]

What this code does is prevent sites other than yours, Facebook, Twitter, and Google from accessing your images. You’ll notice that there’s an additional line with an example of another whitelisted site. If there are other places you want to allow to use your images, go ahead and add them using the same format as the first two entries.

Finally, take a look at the very last line. It indicates which file formats you’ll apply the hotlink prevention rule to. If you’d like, you can add or remove options. Then, remember to replace the URLs in the example above with your own and save the changes to your file.

And that’s it – you just blocked image hotlinking for your website at a server level!

Conclusion

Image hotlinking is a real problem for a lot of websites, particularly if the sites doing the hotlinking aren’t including proper attribution. If this happens to you, not only will your site’s performance likely suffer, but you’ll also lose out on potential visitors while others profit from your content.

Here’s how to prevent image hotlinking in WordPress without using plugins, in only two steps:

  1. Open your .htaccess file via FTP.
  2. Add the code snippet from above to that file.

Do you have any questions about how to prevent image hotlinking in WordPress? Let’s talk about them in the comments section below!

Free guide

5 Essential Tips to Speed Up
Your WordPress Site

Reduce your loading time by even 50-80%
just by following simple tips.

Download free guide