Hotlinking and How to Prevent it

Hotlinking and How to Prevent it

In this article, we are going to talk about what Hotlinking is and How you can prevent it.

What is a Hotlink

In simple terms, Hotlinking is if someone embeds your content into their website/blog using a direct URL. So they literally copy your content into their website/blog without your consent and effectively, the other site is stealing bandwidth and generating unnecessary traffic hits on your website consuming your hosting resources.

Hotlink in CMS

Why Hotlinking is a Bad Practise

Hotlinking is a serious problem for many CMS sites, especially the ones that contain a lot of images. It is bad because:

Hotlink a Bad Practise
  • Hotlinking is used as a common cyber-attack aimed at exhausting the bandwidth of the targeted website/blog.
  • Hotlinking steals your hosting account resources and costs the site owner’s money.
  • Hotlinking also impacts your site performance.
  • The most important is that Hotlinking is unethical and illegal in most cases unless the required permission is granted.

Luckily for you people out there, there are a few tips and tricks to prevent Hotlinking from happening, Hotlinking can sometime’s hurt your site SEO, but it does need to be set up in a correct manner.

But before we begin, how do you know is someone is Hotlinking to your Site?

Web Host’s stats page is the first place to check if you are being Hotlinked. If you have noticed any weird bandwidth, in recent days or weeks, so this should be an indication that someone, somewhere is stealing your content.

Another way is based on the google image search tool. All that you have to do is type in in the search area. Change with your real domain name and this will show you all images which are hosted on your website/blog and also present on someone else’s website/blog. But just to be sure, you will have to keep checking several image links since Google shows you several results.

Prevent Hotlinking in Joomla

You can always take preventive measures to stop being hotlinked. Unfortunately for you, Joomla does not have built-in options that could protect against hotlinking, you may use one of the options below


You may use cPanel, in the security section you may find the Hotlink Protections feature. Click on it to open and configure it to utilize its facility.

You have the option to block direct access to files of specific types, add those files extensions to the “Block direct access for the following extensions” text box. And you also have the option to allow direct access to your files, in other words, you may configure Hotlink Protection to give access to the URLs which you prefer. Those URLs will have direct access to your files/images.

Prevent Hotlinking in Apache

If you happen to be running your Joomla websites on Apache server, all you need is to open the .htaccess file (which is available in your site’s root directory) and add the below lines soon after RewriteEngine On:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteRule \.(jpg|jpeg|png|gif|svg|mp4|mp3|pdf)$ - [NC,F,L]

Code Block Explanation

  • The 1st line allows blank referrers.
  • The 2nd line defines the allowed referrer.
  • Lines 3-5 add search engines to the allowed list.
  • And finally, the last line defines the file extension you decided to protect.

The above code will produce a 403 Forbidden error message instead of the requested file or image from your website/blog.

Prevent Image Hotlinking in NGINX Server

Use the below-provided code and paste it on your NGINX config file.

location ~ .(gif|png|jpeg|jpg|svg)$ {
      valid_referers none blocked *;
      if ($invalid_referer) {
         return   403;

Just replace “” with your real domain name and you should be good to go.

Prevent Image Theft in WordPress

Image theft is similar to what we are talking about above but this is specifically related to your images which you have uploaded on your website/blog. You have the same kind of issues when it comes to Image theft since you will not get credit for your work and you could lose out on revenue.

Prevent Image Theft in WordPress
Prevent Image Theft in WordPress

We have got 3 ways to show you how to protect Images on your WordPress website/blog:

  • Add Watermarks to your Images – Watermarks are the easiest and best ways to deal with image thefts. Using a watermark, you can add text or logo to your image to show the world that this is just your image and no one else the authorization over it unless you have granted them permission to use, but in that case, you generally remove the watermark so that the other person can use it on their website/blog.
  • Turn off Hotlinking on your WordPress Installation – You have the option to turn off hotlinking on your WordPress blog/site by making small tweaks to your WordPress core files. However, to accomplish this, you will need to access your website/blog via FTP like for FileZilla. Once you are connected, navigate to your root folder and look for the .htsaccess file. Edit that file with the below-mentioned code at the bottom of your file.
Editing .htsaccess file in WP
Editing .htsaccess file in WP
  • Create a Copyright Notice – You might have come across a lot of these and these are very useful in a lot of ways and for a lot of items on your blog/site. Copyright basically talks about information that the content on your site/blog is purely yours and no one else can use it without prior consent and approval. But using copyright generally requires legal work on your part.


It feels disheartening to know/see when someone is using your material on their website/blog without your permission. It is also difficult to stop people from pulling content from your site/blog now that we are in the 21st century since there are a lot of ways to get this accomplished. But nonetheless, using the above-mentioned options can help you accomplish a great way of preventing Hotlinks to your website/blog.

If you think there are better ways to do this, for your WordPress or Joomla site/blog, do let us know in the comments below. 

Sharing is Caring!

About Hamza

Full-Time - DevOps Engineer & Part-Time - Blogger

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.