What is Hotlinking and How to Prevent It in WordPress
Whatever kind of website you are running, we’ll bank on it containing… content. And creating, hosting and presenting content has a cost: in time, money, personnel hours, hosting space, bandwidth, electricity, and even environmental impact: you name it. But you already know this, don’t you? You have to invest something to build anything. So what are we on about? Well, there are ways bad actors make unscrupulous use of other people’s resources, and hotlinking is one of them. In this article, we will be talking about how you can prevent hotlinking and safeguard your resources.
But what is hotlinking? Is hotlinking all that bad? How does it affect your website’s resources? We will attempt to answer these questions, and others, in the subsequent section of this article. If you feel you know enough about hotlinking already and just want to learn how to prevent hotlinking to your website, feel free to select the tutorial section from the table of contents below right away.
Hotlinking is known by various other names, including piggybacking, leaching, inline linking, direct linking, and offsite image grabs. Take a good look at some of those terms, such as piggybacking and leaching: they are very evocative, coming close to being self-explanatory.
Hotlinking means using an object that belongs to one website on a web page of another website. For instance, a website could be hotlinking to another website’s image.
Hotlinking is built into the architecture of the internet: specifically, it is a feature of HTTP. All links are functionally the same, and all resources can be located on any server. HTTP has little regard for copyright, though. It was created to make information sharing easier, not more difficult. This means that, if you want to prevent hotlinking, you need to take some steps yourself.
Some go so far as to compare hotlinking with theft. It is not always correct to say that hotlinking is illegal, though: it may be that the hotlinked content is in the public domain, for instance. However, it may constitute copyright infringement.
Say you are hosting an image on your website. And say that you have created said image, and want to keep it exclusive for your website. In that case, a website hotlinking to it likely violates your copyright. Worse still, say you have paid to use the image on your website, and another website hotlinks to it. You have then made exclusive content available to people who did not pay for it, effectively costing you money.
But it’s not just about exclusive content. Hotlinking is a drain on server resources as well. If your content is hotlinked by a high-volume website, your regular visitors might find it unavailable, as if targeted by a DDoS attack. Worse still, your own host might suspend your website in order to deal with unexpected traffic, or insist on charging you more for it. And all the while whatever monetization scheme you have going on isn’t bringing you anything extra, in spite of more people viewing your content.
So, at the very worst, hotlinking hurts your bottom line. At the very best, your host gets more traffic while your website gets no new visitors.
Choose a CDN Carefully
CDN stands for Content Delivery Network. There is a lot we could say about how CDNs work and what good they are, but the principle is simple enough: a CDN is a network of servers whose primary purpose is to reduce latency, or server response time, by serving different users the same content from a variety of servers.
If you are using a CDN – and there is no reason not to, if you can afford it – choose your CDN provider carefully. Specifically, choose a CDN with a hotlinking prevention mechanism in place.
Disable Hotlinking on Apache
If your website is running on Apache, you can make some changes to your .htaccess file in order to prevent hotlinking while allowing crawling. Simply locate your .htaccess file and add the following code to it:
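    RewriteEngine on
    # Let through requests that send no Referer header (direct visits, clients that omit it)
    RewriteCond %{HTTP_REFERER} !^$
    # Allowlisted referrers: dots are escaped and the host name is closed with (/|$),
    # so look-alike hosts such as yourwebsite.com.example.net do not match
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite\.com(/|$) [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google\.com(/|$) [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo\.com(/|$) [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing\.com(/|$) [NC]
    # Any other image request is redirected to the placeholder; host the placeholder
    # somewhere this rule does not apply, or the redirect loops
    RewriteRule \.(jpg|jpeg|png|gif|svg)$ http://myimage.jpg [NC,R,L]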
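This code will allow your website to be crawled by bots from whitelisted domains: Google, Yahoo, and Bing, in our case. This allows them to store thumbnail versions of images from your website in order to include them in rich results. You can use the same code to allow other search engines to do the same. Note that the first condition also lets through any request that sends no Referer header at all, and that the header is supplied by the client, so treat this rule as a deterrent rather than as access control.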
Of course, you need to replace yourwebsite.com with your website URL. The final line of the code given here can be omitted, but the URL in it can be used to point to a placeholder image given instead of the content the hotlinker wants to hotlink to.
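The following is an added example, not code from the original article: a small Python model of the RewriteCond chain that compares a loose referrer allowlist (unescaped dots, host name not closed off) with an anchored one. The sample requests are constructed, and the names LOOSE, ANCHORED and is_redirected are assumptions of this example.

```python
import re

# Loose allowlist: dots unescaped and nothing closes the host name.
LOOSE = [r"^http(s)?://(www\.)?yourwebsite.com",
         r"^http(s)?://(www\.)?google.com"]
# Anchored allowlist: dots escaped, host must end at "/" or end of string.
ANCHORED = [r"^http(s)?://(www\.)?yourwebsite\.com(/|$)",
            r"^http(s)?://(www\.)?google\.com(/|$)"]
IMAGE_RULE = re.compile(r"\.(jpg|jpeg|png|gif|svg)$", re.IGNORECASE)

def is_redirected(path, referer, allowlist):
    """Mimic the RewriteCond chain: True if the request goes to the placeholder."""
    if not IMAGE_RULE.search(path):
        return False                      # RewriteRule pattern does not match
    if referer == "":
        return False                      # RewriteCond %{HTTP_REFERER} !^$
    # [NC] is case-insensitive; RewriteCond patterns match anywhere unless anchored
    return not any(re.search(p, referer, re.IGNORECASE) for p in allowlist)

# Constructed sample requests: (label, requested path, Referer header)
IMG = "/wp-content/uploads/photo.jpg"
SAMPLES = [
    ("own page", IMG, "https://www.yourwebsite.com/post/"),
    ("search engine", IMG, "https://www.google.com/"),
    ("hotlinking page", IMG, "https://blog.example.net/a"),
    ("no referer", IMG, ""),
    ("look-alike host", IMG, "https://yourwebsite.com.example.net/"),
    ("dot as wildcard", IMG, "https://yourwebsite-com.example.net/"),
    ("non-image", "/index.php", "https://blog.example.net/a"),
]

def evaluate(allowlist):
    """Return {label: redirected?} for every constructed sample."""
    return {label: is_redirected(path, ref, allowlist)
            for label, path, ref in SAMPLES}

if __name__ == "__main__":
    loose, anchored = evaluate(LOOSE), evaluate(ANCHORED)
    for label, _, _ in SAMPLES:
        print(f"{label:16} loose={loose[label]!s:5} anchored={anchored[label]!s:5}")
```

Both allowlists still serve the image when the Referer header is empty, so the rule limits casual embedding only.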
Check Your Settings
Your hosting account may provide settings which disallow hotlinking for your website. You may need to consult your hosting provider if that is the case. If your website is running on Apache and you are confident in your ability to edit the .htaccess file, you can consult the section above, but other hosting providers may have other options available.
Disable Right Click
While this is not fully effective, you can disable right clicking on your WordPress website. This will not stop most people who are really bent on stealing your content, but it will make it difficult for them. They will not be able to copy an image or its URL with ease and link it on their website, for instance.
Rename Files
A quick fix which you can use at a pinch is simply to rename your media files. The file name is an important part of the URL. Change the file names and links on your website, and the hotlinking websites will not be able to use your content, throwing up 404 errors. To be fair, this is a pedestrian method: it is time-consuming to change a large number of file names and their links on other pages of your website. Not to mention that file name changes can affect your SEO: you want a media file to have a logical name.
In Conclusion
As you can see, hotlinking is not something you should be cavalier about tolerating. There are some easy steps you can take to prevent hotlinking, and most of them require a quick change to your settings. So, safeguard your resources and protect your bottom line: now you know how.