How to disable hotlinking in WordPress?

Stealing can harm anyone; Whether it’s financially or non-financially. Since nowadays businesses are trying to be more activated on social media, stealing and copying other’s content and images are increasing. One of the most popular ways of stealing is hotlinking. Therefore, it is necessary to explain how to disable hotlinking WordPress.

In this article, we are going to explain the meaning of the hotlinking concept and then introduce you to the methods you can use to disable hotlinking in WordPress.

What is image hotlinking?

Hotlinking is the act of copying another website’s image URL and use it in your own website. Although the image is displayed on the second page, all the requests to load the image are sent to the first website server. Therefore, besides stealing an image from the owner’s website, you are also using their bandwidth to load their images on your own website.

How to disable hotlinking in WordPress?

What is WordPress? Well, WordPress is the most popular CMS among users. Many websites are using WordPress because of its flexibility and different plugins designed for it.

In this section, we are going to explain the methods you can use to disable hotlinking WordPress.

Edit .htaccess file

The first method to disable hotlinking WordPress is to edit the .htaccess file. In order to edit this file, it is vital to access to your website using an FTP server. Therefore, first of all, you have to download and install FileZilla on your system to access your files.

After the installation, open the root folder and find .htaccess file. Right-click on the file and select View/Edit. This file will open in your default text editor and you can now apply all the changes you want. .htaccess file informs all the access permissions to the server.

Use a WordPress plugin (All in One WP Security & Firewall)

Another method to disable hotlinking WordPress is to use the All in One WP Security & Firewall plugin. This plugin has more than 800k active installations, and is one of the best WordPress Firewall plugins. Security & Firewall rules are categorized into basic, intermediate, and advanced.

This plugin is compatible with WordPress and it won’t slow down your website. This free plugin allows you to add firewalls and security to your website using the .htaccess file.

You can download All in One WP Security & Firewall in your WordPress dashboard or official WordPress website.

Use CDN with Hotlink prevention

CDN is short for Content Delivery Network. Most websites use a CDN provider to speed up the request sent to the server in order to have a better user experience.

You can disable hotlinking WordPress using CDN. It blocks all the load requests from other websites and nobody is any longer able to use your content and website bandwidth.

As an advantage, you don’t have to change any settings in the WordPress installation process and you can easily choose the copyright rules you want using KeyCND tools.

Use cPanel Hotlinking prevention tool

If your website domain is using cPanel, you can use its default hotlink prevention tool to disable hotlinking WordPress. This is one of the easiest methods you can use to prevent hotlinking.

Before disabling hotlinks, make sure it is not disabled for your subdomains and bots which need hotlinking your URL to display the images.

Follow these steps to
activate hotlink protection:

  1. First of all, click on “enable”. A page will be displayed to you listing all redirect actions to your website.
  2. Choose “Go back”.
  3. If you want to allow some domains to access hotlinking, insert their URL in the “URLs to allow access“ menu.
  4. To block any specific files, add them to the “Block direct access for the following extensions” menu.
  5. On the other hand, to allow access to any specific files, add them to the “ Allow direct requests”.
  6. You can also provide an alternative URL to redirect your visitors to another page instead of displaying the image they’ve requested.
  7. Click on “Submit” to save all the changes.

In order to disable hotlinking WordPress, the only action you need is to click on the “disable” option.

Disable right-click

Our next solution is to disable the right click which is suitable for normal users and beginners. This method enables visitors to right-click on any pages of your website or even copy your website URL.

In one of our previous articles, we have completely explained how to disable copy and right-click. You can also use numerous plugins designed to disable right-click.

One of these plugins is Prevent Content Theft [Disable Right Click] which you can download from WordPress’s official website or in your WordPress dashboard. This plugin disables right-click on your website so that nobody is allowed to copy your website content especially your images.

All shortcuts will be disabled if you upgrade your plugin to
the premium version. In the premium version, users are not allowed to select or
drag & drop anything on your website. Whenever users try copying an image
or a text of your website, an alert will be shown to them. It is also possible
to exclude some specific pages or posts and allow users to copy it.

There are some other plugins you can install to disable hotlinking WordPress.

Enable hotlinking in Apache

If you are using Apache, you have to add the following codes to .htaccess file in order to prevent hotlinking. We’ve already explained in detail about .htaccess and there is no need to mention them all again.

/* Prevent image hotlinking in WordPress */
RewriteCond %HTTP_REFERER !^$
RewriteCond %HTTP_REFERER !^http(s)?://(www\.)? [NC]
RewriteCond %HTTP_REFERER !^http(s)?://(www\.)? [NC]
RewriteCond %HTTP_REFERER !^http(s)?://(www\.)? [NC]
RewriteCond %HTTP_REFERER !^http(s)?://(www\.)? [NC]
RewriteCond %HTTP_REFERER !^http(s)?://(www\.)? [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]

Enable hotlinking in Apache

These codes prevent other websites except your own pages such as your Facebook, Google, Twitter, etc. to access your images and they are not allowed to use your images URL on their own websites.

The last line provides all the file formats you are about to
disable copying. In this example png, jpg, jpeg, and gif files are not allowed.

Enable hotlinking in NGINX

If you are running your website on NGINX, by adding these codes to the config file, you can prevent hotlinking.

location ~ .(gif|png|jpeg|jpg|svg)$ 
     valid_referers none blocked *;
     if ($invalid_referer) 
        return   403;

How to know your image has been stolen?

Generally, it is not easy to understand if your image has been stolen or not. One of the signs for this problem is the time your website takes to load a page. But how is it possible to make sure this low performance is because of hotlinking?

There are different methods you can use to identify and be sure about this problem. For instance, you can use CDs such as Cloudflare to use its hotlink protection feature.

But one of the best and easiest method to identify the thief is to use Google Images and add the following codes:

Instead of, it is necessary to enter your website URL.

 This tool scan all the pages on your website and those links which are your own URL will be deleted from the list.

The image below shows our own website ( and a list of all websites using our URL is provided to us.

Using this method, you can identify fraud websites and disable hotlinking WordPress.

Leave a Reply