When someone use the URL of a file hosted on your server on their website, s/he is said to be Hotlinking your files. Each time when that website page will be requested, the file will be fetched from your server, consuming your server bandwidth. It doesn’t matter to the people who have unlimited bandwidth on their hosting, but in the less favorable circumstances, you have to step forward to protect your files from being stolen by stopping hotlinking. This can be achieved when you enable hotlinking protection on your server.

Hotlinking, when performed without permission, is also known as Bandwidth theft, as it promotes open plagiarism. So, it’s better to ask the owner before using his / her files directly on your website or blog. You should also provide appropriate credit to the owner, when reproducing the same files on your server.

If you do not allow others to hotlink your files, you should mention this in the Disclaimer of your Website or blog. But the better way to stop hotlinking of files is to disable it completely. Basically, it requires to perform some modifications in the .htaccess file in the root of your website. Here are the solutions to disable hotlinking of files on your website:

Note: Before proceeding, make sure to back up the .htaccess file. If you use a subdomain to store files on your website, you may need to edit the .htaccess file in the subdomain folder (which can only be done manually).

Enable Hotlinking Protection from cPanel

If your hosting provider supports cPanel access, then check for the Hotlink Protection option there. Next, follow the below given steps:

Enabling Hotlinking Protection from cPanel

  • Input URLs to allow access to your files. Other than your website URL, it could be a sub-domain, feed services, search engines. You should allow feed services to make your images available to the feed readers. You should also allow major Search engines to access your images, as it will not block images files of your website to appear on searches.
    Enabling Hotlinking Protection from cPanel
  • Next, enter the file extensions that are needed to be blocked to access directly (i.e. from hotlinking). Generally, people block direct access of image files extensions to disable image hotlinking, but some seek options to disable swf hotlinking as well. You may input other extensions also like .swf, .fla etc. to block their hotlinking.
    Enabling Hotlinking Protection from cPanel
  • After that, enter an alternate file URL that is to be shown in place of your files, when hotlinked on other websites.
    Enabling Hotlinking Protection from cPanel
  • Lastly, save the settings by clicking “Submit” or “Enable Hotlinking” or similar option in the cPanel of your hosting displays.

So, you have enabled the Hotlink protection through the cPanel of your hosting.

Enable Hotlinking protection using .htaccess

If you do not have cPanel supported on your web hosting, you can do it manually by editing the .htaccess file in the root of your website. Edit your .htaccess file, copy and paste the below code in it (you may use an FTP client like WinSCP or FileZilla for that):

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+.)?yoursite.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*.(jpe?g|gif|bmp|png)$ http://i56.tinypic.com/34dkc44.gif [L]

Replace yoursite to your website name. If you have a different TLD other than .com (dot com), then change it to the one you have (like .org, .net etc.).

The URL in the last line is the alternate image file which will be displayed in place of your files on hotlinking. The URL http://i56.tinypic.com/34dkc44.gif is an image from TinyPic (external website which allows using / embedding images) which carries a “Don’t Copy” message, you can use a different file and put it in the place of this image.

The above code can only be used for hotlinking images, but if you want to protect more files from being hotlinked, you can add a file extension by modifying some code in the third line. Refer below code to add extensions in the block list (I added SWF and MP3 to it):

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+.)?yoursite.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*.(jpe?g|gif|bmp|png|swf|mp3)$ http://i56.tinypic.com/34dkc44.gif [L]

If you are noticing something wrong on your website after editing .htaccess, just restore the back up .htaccess you’ve created earlier before.

Alternatively, WordPress users may also use Hotlink Protection plugin to achieve the same without editing .htaccess file.

If you want to test the hotlink protection of your images, clear your browser cache and use hotlink checker tool to do so. You may also create a test blogspot or WordPress blog to check the hotlink protection of your files.