It’s called “hotlinking,” and if you run a website that contains a lot of images, you’ve probably dealt with the issue. In this tutorial, I will show you how to prevent other websites from displaying your images and using any other files.
“But don’t I want other websites to link to my images and videos?” Yes, you do. But hotlinking is different.
What Is “Hotlinking?”
Hotlinking is when another website displays an image or other media file from your site on their site. But instead of linking to your website, or even copying your image and uploading it to a server, thieves will display the image using the URL to the file on your site.
So every time the image is displayed to a visitor on their site, it is downloaded from your server. The other site is using your bandwidth rather than their own.
If the site hotlinking to your media doesn’t get much traffic, it’s probably not an issue. You may not even notice the effect. But if that other site happens to be a very popular one, it can become a very serious issue.
A link from a site like Reddit can consume bandwidth at a tremendous rate. In some cases, a popular site can send enough requests to even crash a website. Especially a site on a shared server, which is where most websites live.
A hotlink to a small image may seem inconsequential. But as images—and virtually every other kind of media files—become larger, the problem is magnified. You may not be concerned with a hotlink to a thumbnail-sized image on your site, but a 250 MB video file could be a very different story.
How to Spot Hotlinking
Most of don’t even realize that another site is hotlinking to our media until it becomes a problem. This usually presents itself as a dramatic increase in bandwidth or server resource use.
If it gets to the point where you find out about the usage in an email or phone call from your website host politely informing you that they have taken some drastic action to stop the usage, you’re stuck in a difficult and often expensive position.
There are warning signs, though, so it’s possible to prevent the situation from getting out of control. The first telltale sign of a hotlinking problem is website performance.
If your site slows considerably and remains slow for some time, you may want to take a look at your server logs.
The error logs can provide a clue. If there are no errors, you can also check the raw server logs. If another site is making a lot of requests for a file on your site, it should be obvious when you look at the logs.
Requests for the media file will show up much more frequently than expected.
The other sign to look for is an increase in bandwidth usage. If your visitor statistics are relatively unchanged but your bandwidth use has increased, it’s an indication that there may be a hotlinking issue.
cPanel Hotlink Protection can put an end to bandwidth leeching and the other potential headaches caused by hotlinking. When you enable Hotlink Protection in cPanel, you set up a URL-based barrier to your media denying access to it if the request doesn’t originate from your site.
How to Prevent Websites From Displaying Your Images
The way Hotlink Protection works is by allowing only certain domains access to your media files. Since you aren’t blocking specific domains, you don’t have to know which site is linking to the media to put a stop to it.
Log in to cPanel.
In the “Security” section, click the “Hotlink Protection” link or icon.
You’ll see a “Hotlink protection is currently disabled” dialog and an “Enable” button. You can ignore that as Hotlink Protection will automatically be enabled when you save your configuration.
cPanel provides a lot of default entries to make the job easier.
In the “Configure Hotlink Protection” section, here are the options:
URLs to allow access
URLs cPanel detects are in this list. You can add or remove from the list if you need. Note that you must list both www and non-www versions of the URLs you wish to allow access to your media.
Block direct access for the following extensions
This is where you define which types of media will be blocked. By default jpg,jpeg,gif,png,bmp are listed (note that there are no spaces between the file types, only commas).
If a file type that you don’t use on your site is in the list, you can remove it. File types that you may want to add depend on what kind of media is used on your site. But be sure to add any that you do use, such as mp3, mp4, mpeg, pdf, zip, etc.
Allow direct requests
If you check this you will allow linking to your media if the visitor comes in on a direct link. Meaning they aren’t just viewing a page on another site.
Redirect the request to the following URL
You can create a small image or a page that explains that the media is available at your site. You have probably seen this used when an image that you expect to see on a page instead shows a small image directing you to another site.
If you choose this option, make sure the image or page you redirect to is small in size. Otherwise, redirecting can defeat the purpose of blocking.
While it was once popular to serve up some form of a “Stop stealing my bandwidth!” image, try to refrain from doing that. There’s no need to antagonize potential visitors to your site (or the person who hotlinked to your media in the first place).
Once you have the fields configured, click the “Submit” button.
If you don’t want to make any changes to the default configuration, you have two options. You can either click the “Submit” button or scroll up to the “Hotlink protection is currently disabled” text and click the “Enable” button.
Exceptions to the Rule
There are cases where you want to allow hotlinking to your files. The most common being RSS feeds that include images. If your blog or podcast RSS feed includes images and you set up Hotlink Protection for those image types, the images won’t show up in the user’s feed.
Do I Really Need to Prevent Websites From Displaying My Images?
We live in a world of “unlimited” bandwidth, so it’s tempting to believe that we can’t be affected by bandwidth-related issues. But you may learn the hard way that your website host has a different definition of “unlimited” than you do.
And even if bandwidth isn’t an issue, server resources are. Hundreds of requests for an image on your site every second may not cause bandwidth problems, but they will likely cause server resource issues.
Even the friendliest host will intervene (i.e., shut you down) if your site is causing problems for an entire server.
So the answer to the question of whether you really need to enable Hotlink Protection is…maybe. But if you are seeing signs of trouble (site performance issues, increased bandwidth consumption), Hotlink Protection is a great tool to have at your disposal.
Have you ever run into a problem with bandwidth leeching? Does your website use large media files that could attract hotlinking?