Table of Contents
What is Hotlinking?
Hotlinking (also called inline linking) occurs when someone displays an image or file from your website on their website by directly linking to your file URL. This uses your bandwidth and server resources without your permission.
Example of Hotlinking:
<!-- Their website hotlinking your image -->
<img src="https://yourdomain.com/images/photo.jpg" />Why Enable Hotlink Protection?
Save Bandwidth
Prevent others from using your bandwidth allowance
Reduce Costs
Avoid overage charges from excessive bandwidth use
Improve Performance
Reduce load on your server
Protect Content
Control how your images and files are used
Enabling Hotlink Protection in cPanel
1Access Hotlink Protection
- Log in to your cPanel account
- Navigate to the "Security" section
- Click on "Hotlink Protection"
2Configure Settings
- Click "Enable" button
- URLs to allow access: Enter domains that are allowed to link to your files
- Extensions: Specify file types to protect (e.g., jpg, jpeg, gif, png, bmp, pdf)
- Allow direct requests: Check this if you want people to view images by entering the URL directly
- Redirect URL: Optionally specify a URL to redirect hotlinkers to
3Submit Configuration
- Review your settings
- Click "Submit"
- Protection is now active
Configuration Examples
Basic Protection
Allowed Domains:
yourdomain.com, www.yourdomain.comProtected Extensions:
jpg, jpeg, gif, png, bmp, pdfAllow Direct Requests:
YesAdvanced Protection with Redirect
Allowed Domains:
yourdomain.com, www.yourdomain.com, cdn.yourdomain.comProtected Extensions:
jpg, jpeg, gif, png, svg, mp4, pdf, zipRedirect to:
https://yourdomain.com/hotlink-warning.htmlManual .htaccess Method
Basic Protection:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|pdf)$ - [F,NC]With Image Replacement:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ https://yourdomain.com/hotlink-image.jpg [R,NC]Allowing Specific Sites:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F,NC]Testing Hotlink Protection
- Create a simple HTML file on a different domain or use a test service
- Try to embed an image from your protected site
- If protection is working, the image won't display (or will show your redirect image)
Common Issues and Solutions
Images Not Showing on Your Own Site
- • Make sure your domain is in the "allowed" list
- • Include both www and non-www versions
- • Check for HTTPS vs HTTP mismatches
Social Media Previews Not Working
- • Add social media domains to allowed list
- • Consider allowing direct requests (no referrer)
- • Some social networks use specific domains for crawling
Email Embedded Images Not Working
- • Check "Allow direct requests" option
- • Many email clients don't send referrer headers
Best Practices
- •Always include your own domain in the allowed list
- •Test thoroughly after enabling protection
- •Consider allowing search engines and social media
- •Monitor bandwidth usage to measure effectiveness
- •Create a friendly redirect image explaining the protection
- •Don't protect files that need to be publicly accessible (like RSS feeds)
Disabling Hotlink Protection
To disable hotlink protection:
- Go to Hotlink Protection in cPanel
- Click the "Disable" button
- Confirm the action
Or remove the hotlink protection rules from your .htaccess file.