How to Enable Hotlink Protection in WordPress

Image hotlinking is a practice that can negatively affect your website’s performance & your bottom line. However, sometimes it can be tough to notice a problem until the damage is done. That’s why it’s necessary to prevent image hotlinking in WordPress before it becomes a headache.

Thankfully, WordPress enables you to protect your site against hotlinking through various methods. For example, you can use plugins, or you can use a CDN to protect your images.

In this article, we’ll talk about hotlinking, how it can hurt you, and ways to prevent hotlinking in WordPress.

So, let’s get started.

What is Hotlinking?

Hotlinking is the act of directly linking files from other sites. It is also called bandwidth theft since, by doing so, you will be using up other sites resources.

There are a few sites that allow this practice, like YouTube. From its sharing option, you can easily find an embed link.

embed link

However, for most of the sites, hotlinking is not allowed. There are basically two reasons for that.

  • Private Digital Property: Your site can have unique personal work. With that being said, simply hotlinking to your files without the permission of the owner is considered unethical.
  • Bandwidth Usage: Hotlinking will eat up your site’s bandwidth whenever your files are viewed elsewhere. If you use a metered hosting plan, you will have to spend more to extend the bandwidth limit. For this reason, hotlinking is known as bandwidth theft.

The above two reasons show that enabling hotlink protection is an essential step if you are managing any site.

Does Blocking Hotlinking Hurt SEO?

Stopping people from hotlinking won’t hurt SEO, but it does need to be set up properly. There are crawlers from Bing, Google, Yahoo, etc. that need access to your images to be able to index & properly display them.

For example, when you see your image on Google image search, the thumbnail is served from Google’s image cache. But the original version of the image (if you click on the image) is actually served from your server.

How to Detect if Someone is Hotlinking your Images?

In most cases, you may not even realize that someone is hotlinking your images until you start to see a reduction in your website’s performance. Even then, there are numerous reasons why a site can become sluggish. Therefore, your best option is to enable hotlink protection in WordPress preemptively.

There are several ways to find out if someone is hotlinking your images or not. For example, you can use a CDN such as Cloudflare, which has all Hotlink Protection features.

However, one of the easier methods to check if someone is hotlinking your images is to use Google Images. You can insert a simple command that tells Google to look for your website’s images in other URLs:

inurl: – site:

This command looks for every image from your site & then removes each entry that includes your own URL. If someone is hotlinking your images, you can see them in the remaining results. Another way to find out the culprit is by clicking on each image & using the Visit Site button.

It’s not foolproof because the search can have images that aren’t hot-linked. But it’s a perfect solution that doesn’t require a special tool.

Gratefully, you can block image hotlinking in your WordPress altogether, which we’re going to explain in the section below.

How to Prevent Hotlinking?

There are some easy methods to protect your images against hotlinking. Let’s take a look at what options we have.

Disable Hotlink with a CDN

Most of us serve content around the globe from our sites & use a CDN provider to speed up our assets’ delivery. CDN providers like Cloudflare & KeyCDN have great hotlink protection already built-in for free that you can make good use of.

This is the most recommended method because CDNs have very fine-tuned rules for bots & other referrers that shouldn’t be blocked. Another benefit of disabling hotlink with a CDN’s help is that you don’t have to change anything with your WordPress installation.

If you are using KeyCDN, then click into Zonereferrers & add the rules. Crawlers like Google and Bing will still be able to access & index your images.

disable hotlink with Zonereferrers

KeyCDN even has a one-click option to allow empty referrers per zone.

allow empty referrer

This would enable hotlink protection for assets on CDN, but not the origin server. So, if you’re worried about someone hotlinking to your images directly on your server, you could also enable hotlink protection and prevent hotlinking on your origin server as well. This is very unlikely, though, because someone would have to remove the CDN URL manually. But it could happen.

If you are using Cloudflare, you can enable hotlink protection under Scrape Shield in your account. Hotlink protection has no impact on crawling of websites (by search engines), but it will surely prevent the images from being displayed on websites like Google Images, Pinterest, etc.

Cloudflare is a proxy service, so you don’t need to think much about enabling hotlink protection on your origin server.

Scrape Shield

Or, if you are using Amazon S3, you can enable hotlink protection with bucket policies, which you can see under “Permissions” on your bucket.

Amazon s3 bucket permissions

Then simply add the code given below.

add code prevent hotlinking

Block Image Hotlinking with the Help of .htaccess File

You can also avoid and disable hotlinking by modifying the .htaccess file. However, this method of avoiding hotlinking is recommended for advanced users only. Despite its effectiveness, tiny mistakes can bring your website down. So be extra careful when applying this method.

  1. Firstly, access your File Manager from the control panel – here, we’ll use hPanel.
    File manager
  2. Under the public_html folder, simply select the .htaccess file.
    public html
  3. After finding the files, download it and make a copy as a backup. Then, you can edit your file using a text editor like Notepad++, etc. After that, add the following code:
  4. Remember to change ‘’ with your site URL and then save the changes.
  5. Upload the file again to the pubic_html folder.

Disable Hotlinks by Using Hotlink Protection Plugins

This is a beginner-friendly method. You just have to install a plugin and activate it. Here are some hotlink protection plugins that are worth considering.

  • SecuPress: This WordPress security plugin is an all-in-one solution to protect both your website & its content. All you need is to enable the Anti Hotlink feature under the Sensitive Data category. It’s a paid plugin, and it will cost you $66/per site annually.
  • All in One WP Security and Firewall: It’s a robust plugin that protects your site from any content theft, & it’s absolutely free to download. You can easily activate hotlink protection by going to the Prevent Hot Links tab and look for the Firewall menu.
  • Disable Right Click: This WordPress plugin isn’t directly linked to hotlink protection, but it prevents visitors from right-clicking & copying your site’s content.


Image hotlinking is a huge problem for many sites, particularly if the hotlinking websites do not include proper attribution. If this happens to you, not only will your website’s performance suffer, but there’s a great chance that you’ll lose out on potential visitors while others profit from your content.

Hotlinking is not too difficult to prevent. You can use any of the methods mentioned above to prevent hotlinking. By adopting these methods, you will be able to save your time, money, and bandwidth. Do make sure to check your site regularly to see if anything unusual happens.