How to Prevent Hotlinking – 5 Effective Methods to Protect Your Content & Bandwidth

Last updated on June 24th, 2024 at 02:57 pm


Discover how to prevent hotlinking and safeguard your website's content and bandwidth with our expert guide. Learn effective strategies to protect your site from unauthorized bandwidth usage and ensure your content is displayed only where you intend.


Hotlinking is when another site directly links to one or more of your site’s files (images, videos, etc.), effectively using your hosting bandwidth to display your content on their site. It’s a severe breach of web design etiquette. It demonstrates a lack of respect for the original content creator and can lead to legal issues. Unfortunately, it’s still a common practice among websites – even large ‘reputable’ ones. So let’s talk about it.

What is Hotlinking?

Hotlinking is when another site directly links to one or more of your site’s files (images, videos, etc.), effectively using your hosting bandwidth to display your content on their site.

This can significantly increase your hosting costs and slow down your site. The effects can be costly if the site that hotlinks your content happens to have a massive amount of traffic.


Why do Websites Hotlink Other Sites’ Content?

There are a few reasons why someone might choose to hotlink an image. While not all intents may be malicious, the effects can be the same regardless.

Limited Space on Their Web Server

Very few hosting plans offer unlimited storage. Among the ones that do offer unlimited storage, there is almost always a catch – in other words, there’s always a limit. When a website hotlinks images, it never has to host the images itself, which saves disk space.

Save on Bandwidth Costs

Just like storage, hosting plans don’t usually offer unlimited bandwidth. When a website hotlinks images from another website, the bandwidth for serving that image comes from the hosting company where the image is being pulled from. This can save bandwidth costs for the website doing the hotlink while increasing them for the site being hotlinked.

Avoiding Copyright Infringement

Images are one of the most commonly infringed pieces of online content. Many website owners think they can use images they don’t have the rights to if they never actually host them themselves. While hotlinking might help them fly under the radar for these types of infringements, displaying the images on their website without permission is still a violation of intellectual property rights in most places.

They Just Don’t Know Any Better

This is more common than many people might think: a lot of website owners just don’t know that hotlinking is a bad idea. Not only is it bad etiquette, but it could be illegal in some locations.

How to Prevent Hotlinking

There are numerous methods to prevent hotlinking on your website. Some only apply to specific platforms, so you’ll want to read through the options and use the one that makes the most sense for you.

Here are five effective methods to prevent hotlinking and protect your content and bandwidth.

Prevent Hotlinking with .htaccess

If your site is hosted on an Apache server, you can prevent hotlinking by modifying the .htaccess file. This method allows you to block or redirect requests for your site’s assets from external websites. Here’s a basic example of what you could add to your .htaccess file:

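RewriteEngine on
# Allow requests that send no Referer header (direct visits, privacy tools)
RewriteCond %{HTTP_REFERER} !^$
# Allow requests referred from your own site; replace yourdomain\.com with your domain
RewriteCond %{HTTP_REFERER} !^https://(www\.)?yourdomain\.com/ [NC]
# Everything else gets 403 Forbidden; NC also covers upper-case extensions such as .JPG
RewriteRule \.(jpg|jpeg|png|gif|bmp|mp4)$ - [F,NC]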

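This code returns 403 Forbidden for requests for specific file types (e.g., images and videos) whose Referer header names a site other than your domain. Requests that send no Referer header at all are still allowed by the first condition, so direct visits and browsers that strip the header keep working. Because the Referer header is supplied by the client, treat this as a bandwidth-saving measure rather than access control. You can customize the file types, or redirect blocked requests to a placeholder image instead of returning 403, based on your needs.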

Prevent Hotlinking on NGINX

If your site is hosted on NGINX, you can prevent hotlinking by modifying the nginx.conf file (or website.conf if you’re using separate virtual hosts for multiple sites). You can add the following code in the configuration file to block hotlinking:

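# ~* matches the extension case-insensitively, so .JPG is covered too
location ~* \.(jpg|jpeg|png|gif|bmp|mp4)$ {
    # none = no Referer header; blocked = Referer stripped by a proxy or firewall
    valid_referers none blocked yourdomain.com www.yourdomain.com;
    if ($invalid_referer) {
        return 403;
    }
}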

This configuration blocks access to the specified file types unless the Referer header is missing (none), has been stripped by a proxy or firewall (blocked), or names your domain.
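Before switching either rule on, it helps to see which referring sites it would block and how much bandwidth they consume. The following is an added example, not code from the original article: it applies the same allow policy (empty Referer or your own host) to access-log lines, assuming the combined log format. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"yourdomain.com", "www.yourdomain.com"}  # the article's placeholder domain
PROTECTED = re.compile(r"\.(jpg|jpeg|png|gif|bmp|mp4)$", re.IGNORECASE)
# Combined log format: ip ident user [time] "METHOD path proto" status bytes "referer" ...
LINE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" '
                  r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)"')

def referer_host(referer):
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed URL (e.g. broken IPv6 literal): treat as no host
        return ""

def referer_allowed(referer, allowed=ALLOWED_HOSTS):
    """Empty Referer passes; otherwise it must be an http(s) URL on an allowed host."""
    if referer in ("", "-"):
        return True
    return referer.lower().startswith(("http://", "https://")) and referer_host(referer) in allowed

def hotlink_report(lines, allowed=ALLOWED_HOSTS):
    """Map each external referring host to [hits, bytes] for protected files it embedded."""
    report = {}
    for line in lines:
        m = LINE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # skip unparsable lines and non-2xx responses
        path = m["path"].split("?", 1)[0]  # ignore query strings such as ?v=2
        if not PROTECTED.search(path) or referer_allowed(m["referer"], allowed):
            continue
        entry = report.setdefault(referer_host(m["referer"]) or m["referer"], [0, 0])
        entry[0] += 1
        entry[1] += 0 if m["bytes"] == "-" else int(m["bytes"])
    return report

# Constructed sample log lines (documentation IP ranges and .example hosts).
T = "[24/Jun/2024:10:00:00 +0000]"
SAMPLE_LOG = [
    f'203.0.113.5 - - {T} "GET /img/photo.jpg HTTP/1.1" 200 51200 "https://www.yourdomain.com/post" "UA"',
    f'203.0.113.9 - - {T} "GET /img/photo.jpg HTTP/1.1" 200 51200 "-" "UA"',
    f'198.51.100.7 - - {T} "GET /img/photo.jpg HTTP/1.1" 200 51200 "https://blog.othersite.example/gallery" "UA"',
    f'198.51.100.8 - - {T} "GET /img/Banner.PNG?v=2 HTTP/1.1" 200 20480 "https://blog.othersite.example/" "UA"',
    f'198.51.100.9 - - {T} "GET /video/intro.mp4 HTTP/1.1" 206 1048576 "https://yourdomain.com.lookalike.example/x" "UA"',
    f'198.51.100.9 - - {T} "GET /about.html HTTP/1.1" 200 4096 "https://blog.othersite.example/" "UA"',
]

if __name__ == "__main__":
    print(hotlink_report(SAMPLE_LOG))
```

Any host in the report that you actually want to serve (for example your own CDN or a partner site) needs to be added to the allow list before the 403 rule goes live.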

Prevent Hotlinking on IIS

While it’s less common for Microsoft’s IIS to be used for hosting public websites, there are still many sites out there that use it, and it’s a very valid web server option for self-hosted organizations.

Similar to the previous examples, IIS has a configuration file that you can modify either directly or through the IIS Management Console. Add the following rule to the rules section of the web.config file (the rewrite section relies on the IIS URL Rewrite module):

<system.webServer>
    <rewrite>
        <rules>
            <rule name="Prevent image hotlinking">
                <match url=".*\.(jpg|jpeg|png|gif|bmp|mp4)$"/>
                <!-- Both conditions must hold for the request to be blocked -->
                <conditions>
                    <!-- Referer is not empty -->
                    <add input="{HTTP_REFERER}" pattern="^$" negate="true" />
                    <!-- Referer is not your own site; replace yourdomain\.com with your domain -->
                    <add input="{HTTP_REFERER}" pattern="^https?://(www\.)?yourdomain\.com/.*$" negate="true" />
                </conditions>
                <action type="CustomResponse" statusCode="403" statusReason="Forbidden" />
            </rule>
        </rules>
    </rewrite>
</system.webServer>

This rule returns 403 Forbidden for the specified file types unless the Referer header is empty or points to your domain.

Prevent Hotlinking by Using a CDN

Many CDNs offer hotlink protection as part of their services. By using a CDN, you can offload the delivery of your content to servers that are geographically closer to your users, which can also help protect against hotlinking. The CDN can be configured to only serve content to your domain or to block requests that don’t come with the proper referer header.

As an example, one of the most popular CDNs, Cloudflare, has a very simple hotlinking setting that you can enable with a single click.

Use Tools Specific to Your CMS

Hotlinking can be blocked by using tools available to the CMS you’re using for your website. The most common CMS by far is WordPress, and there are plenty of plugins designed specifically for hotlink prevention. While we don’t make specific recommendations, it’s easy to search through the results to see what’s available and decide which one you want to try.

Update Your Website’s Terms of Service

While not a technical solution, clearly stating in your website’s terms of service that hotlinking is prohibited can give you legal standing to take action against offenders. It can deter potential hotlinkers if they know you might pursue legal action.

Final Thoughts

Preventing hotlinking is crucial for protecting your content and managing your hosting resources efficiently. By implementing one or more of the above methods, you can safeguard your site’s bandwidth and ensure your content is served only to your intended audience. Always back up your site before making any changes to server configurations or .htaccess files to avoid unintended consequences.
