How to enable and configure hotlink protection
Last updated on 9 December 2023
“Hotlinking” is embedding content from one website on another website. Often, hotlinking is perfectly fine. For instance, there is nothing wrong with embedding a YouTube video on your website (provided the owner of the video has enabled that option). However, hotlinking can also be done without permission. Someone might see lovely photo on your website and decide to embed it on their website, using the original image URL.
This practice is bad for both your website and the website on which the resource is embedded. If someone embeds an image from your website then you pay for the bandwidth every time the image is downloaded. And the website on which the photo is embedded can’t be sure that the image continues to be available. If you remove the image then it no longer shows on the website doing the hotlinking.
You can stop websites hotlinking to your website by adding a rule to your .htaccess file. On cPanel servers you can also enable and configure hotlink protection via the control panel.
Hotlinking example
To illustrate how hotlink protection works, let’s imagine that I own example.com and that another website, penguins-unite.io, has embedded an image on its website that is hosted on my server:
<!DOCTYPE html>
<html lang="en-gb">
<head>
<meta charset="utf-8" />
<title>Penguins Unite!</title>
</head>
<body>
<h1>The online meeting place for all penguins</h1>
<img src="http://example.com/wp-content/uploads/2023/12/king-penguins.jpg" width="640" height="427" alt="It's a penguin!" />
</body>
</html>
As the owner of example.com I can prevent the image is downloaded from my server. In cPanel, you can do so via Security » Hotlink Protection. On the page you can simply click the Enable button to enable hotlink protection. The only other thing to check are the URLs and extensions that should be protected.
By default, cPanel’s hotlink protection blocks jpg, jpeg, gif, png and bmp files. You might want to tweak the list. For instance, bmp files are very rare nowadays, while webp images are becoming increasingly popular. Similarly, if you host your own video files then you can add extensions such as mp4, ogv and webm to the list. Or, if you use custom fonts then you can add the font extensions as well. It all depends on the content on your website.
When you enable hotlink protection cPanel adds a rule to the .htaccess file for the domains you specified. The default rule looks like this:
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
The hotlinked image is now no longer showing on the penguins-unite.io website. Instead, it is blocked with an error 403 (“forbidden”).
Redirecting URLs
You can also redirect rather than block hotlinking requests. If you do so via cPanel, do not click the “Allow direct requests” checkbox. It will break your hotlinking rule. Just enter the URL (or the path to) the destination.
You can have lots of fun with this feature. For instance, here I redirect hotlinking requests to an image named do-not-hotlink.jpg.
The rule in the .htaccess file is similar to the previous one. The only difference is that the rewrite rule now redirects to the replacement image.
RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ /wp-content/uploads/2023/12/do-not-hotlink.jpg [R,NC]
The replacement image (do-not-hotlink.jpg) is a photo of a My Little Pony character. So, the penguins-unite.io website now shows an image of a cute little pony rather than a penguin-related image.
If you look at the requests for the page you see that the king-penguins.jpg file now has the status code 302, which is a redirect. The redirect goes to the image of the pony.
Hanlon’s razor
Although hotlinking is a nuisance, it is usually done out of ignorance rather than malice. Someone probably used a WYSIWYG editor and simply copied and pasted the URL of an image on your website, without realising that the image will be downloaded from your server. Blocking the requests is easy and should be sufficient. Please don’t use the redirect feature to display offensive content on the website that is hotlinking.
Featured Blogs
Identifying Common Server Issues and How to Avoid Them
To maintain a smooth operation of any online business or digital service you need a server that is efficient and that you can rely on. Here at catalyst2 we understand the challenges that businesses face daily; purely to keep their business alive so the challenges that are faced in addition to this when server issues …
Why Server Backups are a Safety Net in the Digital World
Data is the foundation for businesses as it provides insights into customer behaviour and trends, as well as business performance and efficiency. So, businesses have the tools they need to make informed decisions and plan strategically. For businesses that are just starting out or that are smaller, data is a catalyst to help identify growth …
What are Flexible Servers and When are They Beneficial?
The word ‘server’ is frequently used in everyday discussions in IT departments within organisations, but unless you work in the tech industry, you might not be familiar with what it really means. A server is the backbone of all digital operations. It is there to manage tasks like data storage, processing requests, delivering content across …
Why Server Uptime Matters for Your Business Website
While many businesses still have physical workspaces or brick-and-mortar stores, the importance of a digital presence shouldn’t be overlooked. In addition to using things like social media channels to boost your brand awareness and interact with your customers, having a website offers several benefits. In today’s digital world, the performance of your website is crucial …
How to Protect Your Website Against Digital Disasters
More so than ever before, having a high-performing website is essential to the ongoing success of a business. Regardless of which industry you operate in, a website is a powerful tool that can improve brand recognition, drive growth and support customer engagement. Not to mention, it allows for online sales and can remove geographical barriers …
Does a Server Impact Website Traffic?
Regardless of which industry sector you operate in or what type of products and services you offer, having a website is non-negotiable in today’s digital world. More so than ever before, people turn to the internet to find businesses that can assist them with their specific needs and if you don’t have a website, you …
A Beginner’s Guide to Managing Your Website Server
When it comes to website management, there is a key component that business owners often overlook; server management. Your website server plays a crucial role in your online presence, it facilitates the delivery of your web pages to users and without a server, your website simply wouldn’t be visible online. So, it’s crucial to ensure …
Exploring the Costs Associated With a Website
In the digital age, getting a website is more than just a way to build an online presence, it’s a vital business investment. Not only do large retail businesses need a website, but smaller local businesses can also benefit from taking their business online. Recognising this importance, many businesses are now dedicating significant resources towards …
The Importance of Dedicated Servers for E-Commerce Websites
In the fast-paced world of e-commerce, having a reliable website is an essential factor in success. Whether you also have a brick-and-mortar store or solely a digital shop, ensuring your website is performing at its best can have a direct impact on your bottom line. Factors such as website uptime, ease of navigation and speed …
Things to Consider During a Website Review
Designing a website requires careful consideration and several reviews during the development stages to ensure everything is perfect. Once live, it can be easy to assume that no further updates are needed and your website will continue to perform well, however, this isn’t always the case. Regularly reviewing your website is essential to ensure its …
What our clients say
catalyst2 support people know their environment and how to manipulate it to the customers advantage.
