How to Prevent Hotlinking of Images in WordPress

Last updated on October 18th, 2014 by Robert Abela. Filed under WordPress Security Tutorials

Hotlinking is the direct linking to a website's files from another website. Typically media content, such as images and videos, is hotlinked. When someone visits a website that hotlinks to your website, the images shown on that website are retrieved from your website using your bandwidth. This puts extra load on your website and is also bandwidth theft, therefore you should prevent hotlinking. It could also lead to copyright issues.

As a security precaution it is recommended to use an .htaccess file to block all types of hotlinking of images and other media files, to prevent overloading of your WordPress and expensive bandwidth bills. If you have other media content which can be hotlinked, such as videos, you should also block all types of hotlinking to such files.

New to htaccess? Check the Definitive Guide to htaccess and WordPress!

Htaccess file to prevent hotlinking of images and other media files

The .htaccess file in the example below can be used to prevent hotlinking of images with the following extensions: jpg, jpeg, png and gif. The htaccess file includes comments (lines starting with # are comments) so you can better understand its structure and easily modify it for your own use.

#Switch on rewrite engine
RewriteEngine on
#Allow empty referrals, in case visitors are using personal firewalls
RewriteCond %{HTTP_REFERER} !^$
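#Match the referrer against your own site. Replace yourwebsite.com with your
#domain name without the www prefix; the pattern accepts it with or without www.
#Dots are escaped and the host name is anchored, so look-alike hosts such as
#www.yourwebsite.com.example.org do not pass as your own site.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourwebsite\.com(:[0-9]+)?(/|$) [NC]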
#Match all files with the below list of extensions
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

If you would like to block hotlinking to other file types, such as videos with avi or mp4 extensions, add their file extension to the last line of the sample htaccess file used in the above example, next to the gif extension.

These .htaccess file directives should be added to the .htaccess file in the root of your WordPress or website, if you would like to prevent hotlinking to all media files on your website.
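
To find out which sites are hotlinking your media, the following added example (not part of the original tutorial) applies the same three tests as the rule above to Apache combined-format access log lines and totals the bytes served per referring host. The host name set, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: same placeholder domain as the .htaccess rule; use your own.
OWN_HOSTS = {"yourwebsite.com", "www.yourwebsite.com"}
MEDIA = re.compile(r"\.(jpg|jpeg|png|gif)$", re.IGNORECASE)  # as in RewriteRule
# Apache "combined" format: "METHOD path proto" status bytes "referer" "agent"
LINE = re.compile(r'"(?:GET|HEAD) (?P<path>\S+) [^"]*" \d{3} '
                  r'(?P<bytes>\d+|-) "(?P<referer>[^"]*)"')

def referer_host(referer):
    """Lower-cased host of a Referer URL, or "" if it cannot be parsed."""
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
        return ""

def is_hotlink(path, referer):
    """Mirror the rule: media file, non-empty Referer, host is not ours."""
    if not MEDIA.search(urlsplit(path).path):  # extension test ignores ?query
        return False
    if referer in ("", "-"):  # empty referrals are allowed, as in the rule
        return False
    return referer_host(referer) not in OWN_HOSTS

def hotlink_report(lines):
    """Return {referring host: bytes served} for hotlinked media requests."""
    totals = Counter()
    for line in lines:
        m = LINE.search(line)
        if m and is_hotlink(m["path"], m["referer"]):
            size = 0 if m["bytes"] == "-" else int(m["bytes"])
            totals[referer_host(m["referer"]) or "unparsed"] += size
    return dict(totals)

# Constructed sample log lines (documentation addresses, not real traffic).
_FMT = '203.0.113.5 - - [18/Oct/2014:10:00:00 +0000] "GET {} HTTP/1.1" 200 {} "{}" "Mozilla/5.0"'
SAMPLE = [_FMT.format(*row) for row in [
    ("/wp-content/uploads/a.jpg", 50000, "http://forum.example.net/thread/1"),
    ("/wp-content/uploads/a.jpg", 50000, "http://www.yourwebsite.com/post/"),
    ("/wp-content/uploads/b.PNG?v=2", 20000, "https://forum.example.net/t/2"),
    ("/wp-content/uploads/a.jpg", 50000, "-"),
    ("/logo.gif", 1000, "http://www.yourwebsite.com.example.org/"),
    ("/about/", 9000, "http://forum.example.net/"),
]]

if __name__ == "__main__":
    for host, size in sorted(hotlink_report(SAMPLE).items()):
        print(f"{host}\t{size} bytes")
```

To use it on real traffic, pass an open access log file to hotlink_report in place of SAMPLE; the hosts it lists are the ones the .htaccess rule will start answering with 403.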
