Hotlinking: What Is It and How to Prevent It in WordPress

Hotlinking: What Is It and How to Prevent It in WordPress

Hotlinking is a practice often used by content thieves to use your images as their own, using up your bandwidth in the process. In this article, we’ll explain what it is in detail, and show you how to prevent it from happening.

What Is Hotlinking?

If you post a beautiful image or video on your WordPress site, there might be people who love it and want to put it on their website too.

This appreciation might turn into a problem if they use your content without permission, especially if they also use your bandwidth — accidentally or consciously.

Hotlinking — a practice of copying an asset’s URL to display the content on another website by linking it directly to yours.

This way, every time people visit a website that has hotlinks to your assets, it would use your bandwidth. The more people access the content, the sooner you will run out of bandwidth.

Most people hotlink out of laziness, avoiding proper linking practices — like asking permission and uploading the content on their own web hosting. Of course, at times it’s done purely out of a lack of knowledge.

In fact, many people still think that leaving the content on its original site is better rather than downloading and re-uploading it. Through this people try to avoid violating the copyrights. This is a misconception.

Hotlinking is a bad practice because:

  • It is unethical and illegal — unless the content is free to use or labeled as creative commons
  • It might greatly increase spending —  it causes excessive use of bandwidth for the original image holder
  • It overburdens the server — accessing the image on another site exerts your resources

While simply stealing content is wrong in itself, hotlinking also impacts your site’s performance.

As mentioned before, running out of bandwidth and experiencing site slowdowns are only a few of the potential consequences. The worst case scenario is your monthly bills increasing, or your hosting provider giving you a penalty fee. If you can’t pay it, you can no longer keep your website and all of the assets.

That’s why preventing hotlinking is important.

How to Prevent Hotlinking in WordPress?

Before going further, there is a trick that allows you to check whether your content is hotlinked somewhere on the web.

All you have to do is type in in Google image search.

Replace with your domain name. This will show you all images which are hosted on your site but present on other ones.Checking an Act of HotlinkingYou can take a closer look at the HTML, other websites would use something like this:

<img src="" height=“1280” width=“800">

While the original file on your HTML page would look like this:

<img src=“wallpaper.jpg" height=“1280" width=“800">

If you want to enable hotlinking protection, there are several ways to do that:

1. Using an FTP Client

This method is one of the most effective ways to prevent hotlinking.

If you don’t have an FTP client, we recommend FileZilla. You should set up your FileZilla before moving on.

Using this method, you will need to look for the .htaccess file — assuming you already have it — then paste in this code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]

Basically, this code will prevent hotlinking from all sites. So, you need to add your own domain by replacing the, and include search engines. This will whitelist the domains. Also, you need to determine the file formats to block, as shown in the last line of the code.

Keep in mind that including search engines is vital, as it will allow them to crawl your images.

2. Using a CDN

A content delivery network (CDN) allows websites to handle their traffic better by using a group of servers located in different places around the world. Using a CDN reduces bandwidth use, increases speed and improves security.

Each CDN has its own rules, meaning that you might use a different method to prevent hotlinking. For example, KeyCDN has a Zone Referrers option that prevents other sites from embedding your assets on their websites.

Once signed in to the KeyCDN dashboard, go to the Zone Referrer menu then set your referrers. After that, choose a zone to map the Zone referrer and save.

Basically, you would need to set the domains that can access your assets: your zone URL (, your origin URL (, and your zone alias (

3. Using WordPress Plugins

If you prefer to install a plugin, you might try All in One WP Security and Firewall. This is one of the best security plugins that help prevent hotlinking.All in One WP Security & FirewallOnce installed and activated, go to WP Security -> Firewall -> Prevent Hotlinks. You can check Prevent Image Hotlinking and click Save Settings.Prevent Hotlinks Using a WordPress PluginIf you want to go with a simpler way, just disable right-clicking on content. You can go to WP Security -> Miscellaneous -> Copy Protection. Check on Enable Copy Protection, and Save Copy Protection Settings.Copy Protection Settings Using a WordPress PluginOr, you can use plugins like Prevent Content Theft or WP Content Copy Protection & No Right Click.

4. Accessing Control Panel Settings

Lastly, you can prevent hotlinking from the control panel settings.

First, you must log in to your hosting account to do this. Then, you can go to the Security options and choose the Hotlink Protection option. Once you see the setup screen, set the configurations and save.

If you’re a Hostinger user, read this article to find out how you can activate Hotlink Protection in the hPanel.


Hotlinking is a bad practice that might cause severe problems. Preventing hotlinking is an easy task, so there is no reason to postpone this fix.

You can enable hotlinking protection in your website by:

  • Using an FTP client
  • Using a CDN
  • Using WordPress plugins
  • Accessing cPanel settings

Choose which option is preferable for you and keep on protecting your WordPress site!

The author

Richard Boyett

Richard is a WordPress software developer and an expert of content management systems. When he is not playing around with code, Richard enjoys good cinema and craft beer.