How to Prevent Image Hotlinking in WordPress
Hotlinking is exceptionally common. In fact, you may have unthinkingly engaged in it yourself. Unfortunately, it’s a poor practice, and not very courteous at all. In fact, it can cause serious performance issues. You might even take a financial hit.
Fortunately, you can fix this by preventing hotlinking on your WordPress site.
WordPress offers up several methods for you to use in order to prevent others from hotlinking the images on your site. You can do this via plugins.
You can also use a content delivery network (CDN) in order to protect your visuals from being hotlinked. There’s also a manual method. This third option allows you to take care of this issue without using any third-party tools or resources.
This piece will cover the following:
- What is hotlinking?
- What harm can hotlinking cause you?
- How can you know if people have hotlinked your images?
- What steps can you take to block hotlinking?
What is Hotlinking? Why is Hotlinking Bad?
Hotlinking is the practice of embedding an image on a website by linking directly to the image file hosted on another website, rather than hosting a copy. This is problematic for a variety of reasons. First, the person hotlinking is using your image without permission. That’s stealing.

In addition to this, hotlinking uses resources on your site every time that image is accessed and viewed. Every time a hotlinked image is viewed, that image is loaded onto the page via your server. Essentially, it’s using your bandwidth without your consent.
Mary Dietrich is a web admin at Supreme Dissertations. She points out that there’s another potential issue here. Mary says, “Imagine that you are using another person’s images (with permission of course) on your site. If someone else hotlinks those without consent or attribution, they’ve essentially stolen that image through your site. That can cause some serious troubles.”
Now, you might be able to force people who have hotlinked your image to stop. However, that takes time, and the process is difficult. The best method is to simply block hotlinking altogether.
How Do You Know if Your Images are Being Hotlinked?
You may not notice hotlinking initially. Most web admins are clued in when site performance begins to lag. Of course, there could be many reasons for that. If you can’t identify issues impacting your WordPress site speed, here are some ways to determine if hotlinking is the issue:
- Implement a CDN that provides hotlink protection
- Use Google Images to search for images you’re hosting that appear on other URLs, using this query: inurl:yourwebsite.com -site:yourwebsite.com
The second option will show every website that has linked your images while omitting your own website from the result. The only downside is that it will include images that aren’t hotlinked. Still, if the results from this search are extensive, you can be pretty sure that hotlinking is a problem.
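Your own server access log gives a more direct answer than a search engine. The following is an added example, not part of the original article: it reads Apache combined-format log lines and totals image hits and bytes per external referring site. The log lines, the example.net and example.org hosts, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "[^"]*"$')
IMAGE = re.compile(r'\.(jpe?g|png|gif)$', re.IGNORECASE)
# Sites allowed to embed your images (placeholder domains, adjust to your own)
ALLOWED = ('yourwebsite.com', 'google.com', 'facebook.com', 'twitter.com')

def is_allowed(host, allowed=ALLOWED):
    """True if host is an allowed domain or a subdomain of one."""
    return any(host == d or host.endswith('.' + d) for d in allowed)

def hotlink_report(lines, allowed=ALLOWED):
    """Return {referer_host: [hits, bytes]} for image hits from other sites."""
    report = defaultdict(lambda: [0, 0])
    for line in lines:
        m = LINE.match(line)
        if not m or not IMAGE.search(urlsplit(m['path']).path):
            continue  # unparseable line or not an image request
        host = (urlsplit(m['referer']).hostname or '').lower()
        if not host or is_allowed(host, allowed):
            continue  # no referer ("-") or a permitted site
        report[host][0] += 1
        report[host][1] += 0 if m['size'] == '-' else int(m['size'])
    # Heaviest bandwidth consumers first
    return dict(sorted(report.items(), key=lambda kv: kv[1][1], reverse=True))

# Constructed sample log lines (documentation IP ranges, made-up hosts)
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-content/uploads/hero.jpg HTTP/1.1" 200 482113 "https://yourwebsite.com/blog/" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /wp-content/uploads/hero.jpg HTTP/1.1" 200 482113 "https://forum.example.net/thread/42" "Mozilla/5.0"',
    '198.51.100.8 - - [10/Mar/2024:10:00:03 +0000] "GET /wp-content/uploads/hero.jpg?w=800 HTTP/1.1" 200 482113 "https://forum.example.net/thread/42?page=2" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Mar/2024:10:00:04 +0000] "GET /wp-content/uploads/chart.PNG HTTP/1.1" 200 90210 "http://blog.example.org/" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Mar/2024:10:00:05 +0000] "GET /wp-content/uploads/hero.jpg HTTP/1.1" 200 482113 "-" "curl/8.5.0"',
    '192.0.2.10 - - [10/Mar/2024:10:00:06 +0000] "GET /about/ HTTP/1.1" 200 15320 "https://forum.example.net/thread/42" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for host, (hits, size) in hotlink_report(SAMPLE_LOG).items():
        print(f'{host}: {hits} image hits, {size} bytes')
```

To run it on real data, pass the lines of your server's access log to `hotlink_report` in place of `SAMPLE_LOG`.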
How to Prevent Image Hotlinking on Your WordPress Site
The first thing you will need to do is find and download an FTP tool unless you already have one. You should also create a backup of your website. This change does involve an essential WordPress file, and you want to be sure you have a backup in case anything goes wrong. Once you’ve done that, you can follow these steps in order:
- Find and Open Your .htaccess File
  - Use FTP to access your site. Go to the WordPress root folder.
  - It will usually be called public_html. Sometimes it may be called www or the name of your website.
  - Once you determine which folder is right, open it. Look for a file named .htaccess.
  - Right-click, and select View/Edit.
Now you are ready to prevent image hotlinking by making a relatively simple change. Just keep in mind the .htaccess file is very important. It provides instructions to your server. It also controls who is able to access certain files and folders. Be careful, and back up your website before you make any changes.
- Paste the Following Code at the End of the File
This part is quite simple. Just scroll to the bottom of your file. Paste in the following code:
# Added to Prevent Image Hotlinking
RewriteEngine On
# Allow requests that send no Referer header
RewriteCond %{HTTP_REFERER} !^$
# Allow your own site and the sites listed below
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite\.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google\.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook\.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter\.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?anotherpermittedsite\.com [NC]
# Return 403 Forbidden for image requests from any other referrer
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]
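This coding change will block other sites from accessing your images: an image request that arrives with a referrer not on the list is refused with a 403 Forbidden response. As written, the code makes exceptions for your site, Google, Facebook, and Twitter. The first condition also lets through requests that send no referrer at all, such as direct visits to the image URL. Because the referrer is a header supplied by the visitor's browser, this rule stops ordinary embedding on other pages rather than every possible way of fetching the file.
The last RewriteCond line (anotherpermittedsite.com) is a filler line to demonstrate how you would allow an additional site to access your images.
To add more sites, simply duplicate that line with another URL replacing it. This is useful if you partner with other bloggers or websites, and have given them permission to use your images. You can also permit hotlinking with other websites you own.
Finally, the RewriteRule line at the very end indicates the file types to which this rule applies.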
Feel free to paste this code snippet into the .htaccess file of any WordPress site that you own. This quick and easy fix will solve the problem, and you won’t need to use any external resources to do it.
Why Not Use a Plugin?
Actually, there’s nothing wrong with using a plugin. However, it only makes sense to do this if you are using that plugin for other purposes. Just keep in mind that you must manage your plugins actively, and ensure they are updated for bug fixes and security issues. If the only feature you require is blocking hotlinks, making that quick file change is much easier.
Final Thoughts
Image hotlinking is a bad practice. Unfortunately, it’s quite widespread as many people don’t realize the trouble it can cause. If you don’t want your images hot-linked, whether that’s due to performance or attribution issues, it is well within your rights to block it.
The best method is to make a simple file edit to stop hotlinking at the server level. Otherwise, you can implement a CDN, or search for a WordPress plugin that will do the work for you.