How to Prevent Image Hotlinking in WordPress

Have you ever wondered why your WordPress website seems so slow to load? Unoptimized images, a high number of HTTP requests, or unclear code might cause this problem. Image hotlinking can also lie at the root of your site’s slowness.

In this article, we’ll explain what image hotlinking is as well as its effect on your site performance and bottom line. Then, we will show you how to know if someone is hotlinking to your images and ways to disable image hotlinking in WordPress.

What is image hotlinking and why should you care about it?

Image hotlinking is a kind of image theft. The thieves don’t simply copy your images and put them on their own website. Instead, they embed your images in their content by linking directly to the files on your site.

It’s really bad to have your images hotlinked. Not only is your site performance damaged, but you also have to deal with copyright infringement.

  • The impact on site performance
    When your image is hotlinked, the other site doesn’t have to use its own bandwidth to host the file. Whenever somebody views the image, the file is still loaded from your website. If many of your images are hotlinked on popular websites with a lot of users, the extra requests will burden your server dramatically. You will probably have to pay for additional server capacity.
  • Copyright infringement
    Using others’ images without their permission is illegal in most cases due to copyright regulations.

How to detect image hotlinking

Image hotlinking is hard to notice until it actually causes a problem. However, finding hotlinked images isn’t as complicated as you might think. You can use Google Images search to look for these files.

To find hotlinks to your website on Google:

  1. Open a new Google search tab
  2. Enter this command in the Google search bar. Be sure to replace the example domain with your own.
    inurl:yourwebsite.com -site:yourwebsite.com
  3. Click on the Image search tab and you will see a list of hotlinked images
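
Your own server access log shows hotlinking more directly than a search engine does. The following is an added example, not part of the original article: it goes beyond the Google method and scans Apache "combined" log lines for image requests whose Referer is a foreign host, totalling hits and bytes per host. The hostnames, paths and log lines are constructed sample data.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the hostnames your own pages are served from.
OWN_HOSTS = {"yourwebsite.com", "www.yourwebsite.com"}
IMAGE_EXT = re.compile(r"\.(jpe?g|png|gif)$", re.IGNORECASE)
# Apache "combined" log format: request, status, bytes, Referer, User-Agent.
LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "[^"]*"'
)

def hotlink_report(lines):
    """Map each foreign referring host to the image hits and bytes it cost."""
    report = defaultdict(lambda: {"hits": 0, "bytes": 0})
    for line in lines:
        m = LINE.match(line)
        if not m or m["status"] not in ("200", "206"):
            continue  # malformed line, or the image was not actually served
        if not IMAGE_EXT.search(urlsplit(m["target"]).path):
            continue  # not one of the protected image types
        host = (urlsplit(m["referer"]).hostname or "").lower()
        if not host or host in OWN_HOSTS:
            continue  # no Referer ("-") or one of our own pages
        report[host]["hits"] += 1
        report[host]["bytes"] += 0 if m["size"] == "-" else int(m["size"])
    return dict(report)

def _sample(path, status, size, referer):
    # Constructed log line for the demo; IP and timestamp are placeholders.
    return (f'198.51.100.23 - - [10/Mar/2024:10:00:01 +0000] "GET {path} '
            f'HTTP/1.1" {status} {size} "{referer}" "Mozilla/5.0"')

IMG = "/wp-content/uploads/2024/03/photo.jpg"
SAMPLE_LOG = [
    _sample(IMG, 200, 482133, "https://www.yourwebsite.com/blog/post/"),
    _sample(IMG, 200, 482133, "https://forum.example.net/thread/42"),
    _sample(IMG + "?w=800", 200, 482133, "https://forum.example.net/thread/42"),
    _sample("/wp-content/uploads/chart.PNG", 200, 90210, "http://blog.example.org/"),
    _sample(IMG, 200, 482133, "-"),
    _sample("/about/", 200, 15000, "https://forum.example.net/thread/42"),
    _sample(IMG, 403, 199, "https://forum.example.net/thread/42"),
]

if __name__ == "__main__":
    for host, s in sorted(hotlink_report(SAMPLE_LOG).items()):
        print(f'{host}: {s["hits"]} image hits, {s["bytes"]} bytes')
```

To use it on real data, pass the lines of your access log to hotlink_report() instead of SAMPLE_LOG.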

2 ways to disable image hotlinking in WordPress

Luckily, there is more than one method to prevent hotlinking in WordPress, depending on your requirements. If you’re tech-savvy and familiar with coding, you can create a .htaccess file on your webserver. If you want to simplify the process, go for the Prevent Direct Access plugin.

#1 Create a .htaccess file on your webserver

It’s not ideal to edit your .htaccess file directly. You should back up your site or create a child theme first; otherwise, all the changes will be gone after theme updates. Follow these 2 steps to block image hotlinking:

Step 1: Open your .htaccess file

  1. Go to your WordPress root folder on the webserver
  2. Find the file called .htaccess
  3. Right-click and edit the file

Step 2: Add the code to your file

Copy this code and paste it at the bottom of the file.

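# Prevent image hotlinking in WordPress
RewriteEngine On
# Let through requests that send no Referer header at all
RewriteCond %{HTTP_REFERER} !^$
# Let through your own site and the sites you whitelist
# (dots are escaped and the host must end at "/" or at the end of the string)
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?other-websites-go-here\.com(/|$) [NC]
# Answer every other request for these image types with 403 Forbidden
RewriteRule \.(jpg|jpeg|png|gif)$ - [F,NC]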

Remember to replace the example domain that follows http(s)?://(www\.)? in the code with your own site domain. The last line of the code identifies the file types for which you would like to disable hotlinking.

We can see from the code that your site whitelists social websites such as Google, Facebook, and Twitter. Use the same format if you want to add other whitelisted sites.
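
An added example, not from the original article, that emulates the Referer checks above in Python so you can see which requests would get a 403 before you deploy the rules. It compares allowlist patterns written with unescaped dots and no end anchor against patterns with escaped dots and a trailing (/|$); Python's re module stands in for Apache's regex engine, and the example.net hosts and file paths are constructed.

```python
import re

# Allowlist patterns with unescaped dots and no anchor after the host name.
LOOSE_PATTERNS = [
    r"^http(s)?://(www\.)?yourwebsite.com",
    r"^http(s)?://(www\.)?google.com",
]
# Stricter variant: dots escaped, host must end at "/" or end of string.
STRICT_PATTERNS = [
    r"^http(s)?://(www\.)?yourwebsite\.com(/|$)",
    r"^http(s)?://(www\.)?google\.com(/|$)",
]
PROTECTED = re.compile(r"\.(jpg|jpeg|png|gif)$")  # the RewriteRule pattern

def is_forbidden(path, referer, patterns):
    """Emulate the rules: True means the request would get 403 Forbidden."""
    if not PROTECTED.search(path):
        return False  # RewriteRule does not match this file type
    if referer == "":
        return False  # RewriteCond %{HTTP_REFERER} !^$ fails: request allowed
    # [NC] is case-insensitive; any allowlist hit lets the request through.
    return not any(re.search(p, referer, re.IGNORECASE) for p in patterns)

# Constructed test requests: (description, path, Referer header).
IMG = "/wp-content/uploads/a.jpg"
CASES = [
    ("own page", IMG, "https://www.yourwebsite.com/post/"),
    ("whitelisted site", IMG, "https://www.google.com/"),
    ("no Referer sent", IMG, ""),
    ("foreign site", IMG, "https://forum.example.net/t/1"),
    ("lookalike host", IMG, "https://yourwebsite.com.example.net/"),
    ("non-image file", "/wp-content/uploads/a.pdf", "https://forum.example.net/t/1"),
]

def compare(cases=CASES):
    """Return {description: (forbidden_by_loose, forbidden_by_strict)}."""
    return {
        name: (is_forbidden(path, ref, LOOSE_PATTERNS),
               is_forbidden(path, ref, STRICT_PATTERNS))
        for name, path, ref in cases
    }

if __name__ == "__main__":
    for name, (loose, strict) in compare().items():
        print(f"{name:18} loose: {'403' if loose else 'ok':4} strict: {'403' if strict else 'ok'}")
```

Only the lookalike host row differs between the two columns: the loose patterns accept it as if it were your own site, while the strict patterns return 403.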

#2 Use Prevent Direct Access Image’s Hotlinking Prevention feature

Another method to prevent image hotlinking is to use the Prevent Direct Access (PDA) Gold plugin. PDA Gold primarily works as a WordPress file protection plugin. The plugin blocks Google and unwanted users from accessing your files directly by securing each file’s original URL. Other websites won’t be able to embed your image URL anymore.

On top of that, you can also prevent other people from stealing and using your unprotected images or files without permission via the Prevent Image Hotlinking feature.

This guide shows you how to prevent image hotlinking using the PDA Gold plugin:

  1. Download PDA Gold plugin
  2. Go to Add New under Plugins in your WordPress admin dashboard
  3. Click Upload Plugin and open the zip file you’ve just downloaded
  4. Install and activate the plugin
  5. Enable the feature Prevent Image Hotlinking in the plugin’s General settings page

Nobody can display your images with the direct URLs on their site now.

What’s more, the plugin takes your file protection to a higher level by enabling you to secure file downloads via download links. Users will see a 404 not found page when attempting to access the files’ original URLs. You can create private download links and send them to authorized users so they can access or download the files.

No more image hotlinking on your site

Image hotlinking negatively affects your site performance by stealing your bandwidth and slowing down page loads. You can use Google Images search to easily detect hotlinked images.

There are several methods to block image hotlinking on WordPress, both at the server level and from your website backend. The former requires you to add code to the .htaccess file, while the latter requires you to install the Prevent Direct Access Gold plugin.

Editing the .htaccess file blocks the images that have already been hotlinked. PDA Gold, meanwhile, helps disable image hotlinking and secure unlimited files on your website.

Install the PDA Gold plugin and prevent image hotlinking on your site today!