Several Methods to Prevent Image Hotlinking in WordPress

Generally speaking, hosting plans in the blogging community offer around 15GB to 25GB of monthly bandwidth. If your blog consumes an unusually large amount of bandwidth each month, it could mean your blog is quite popular, or you’re using lots of inline images or MP3 files. But it might also mean your images or MP3s are being hotlinked. A friend of mine once uploaded an MP3 file to his hosting — within just two days, his entire 15GB bandwidth was consumed.

I manage a Photoshop tutorial website. After the Candy Album incident, I decided against using external image hosting, so images are stored locally. With lots of images comes lots of bandwidth consumption. To prevent the site from being crushed by image bandwidth theft, I needed to set up hotlink protection.

Method 1: Modify the .htaccess File in Your Site’s Root Directory

Most WordPress blogs run on Linux hosting, so you can use FTP to navigate to the root directory and find the .htaccess file. Add the following:

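RewriteEngine on
# Let through requests with no Referer (direct visits, some feed readers)
RewriteCond %{HTTP_REFERER} !^$ [NC]
# Let through requests referred by this site
RewriteCond %{HTTP_REFERER} !imzl.com [NC]
# Never redirect the replacement image itself, or the redirect loops
RewriteCond %{REQUEST_URI} !/nophoto\.png$ [NC]
RewriteRule \.(png|jpg)$ /nophoto.png [R,NC,L]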

If you want to allow certain other websites to use your images, you can add their domains to the pattern in
RewriteCond %{HTTP_REFERER} !imzl.com [NC]. The pattern is a regular expression, so the domains go in a group separated by |, for example:
RewriteCond %{HTTP_REFERER} !(imzl\.com|blog\.imzl\.com|tool\.imzl\.com) [NC]

You’d typically add RSS feed URLs, Baidu, Google, and the like.
The last line’s nophoto.png is the replacement image for hotlinked images. I recommend keeping this image as small as possible — perhaps a big red X with a “No Hotlinking” message.

Friendly reminder: I don’t recommend blocking gif|jpg|png all at once. For example, if you’ve blocked png but your replacement image is nophoto.png, the redirect to nophoto.png is itself caught by the rule (unless that file is excluded from it), and the browser ends up in a redirect loop instead of showing the image. If you want to block all three types, use this line instead:

RewriteRule \.(gif|png|jpg)$ absolute image URL (with http://) [R,NC,L]

OK, hotlink protection via .htaccess is complete. The same technique works not just for images — by adding other file extensions, you can set up hotlink protection for other file types as well.
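
The Referer conditions and the redirect rule from Method 1, modeled in Python with no exception for the replacement image, to show which requests are served, when the replacement image loops, and how the allow pattern is matched as a regular expression. This is an added example, not code from the original article; the function names, sample URLs and the /nophoto.gif path are assumptions, and the model assumes the browser resends the same Referer when it follows the redirect.

```python
import re

def decide(path, referer, allow, blocked_ext, replacement):
    """Model of the rule set: return None to serve `path`, else the redirect target."""
    if referer == "":                        # RewriteCond %{HTTP_REFERER} !^$
        return None
    if re.search(allow, referer, re.I):      # RewriteCond %{HTTP_REFERER} !<allow> [NC]
        return None
    if re.search(blocked_ext, path, re.I):   # RewriteRule <blocked_ext> <replacement> [R,NC,L]
        return replacement
    return None

def fetch(path, referer, allow, blocked_ext, replacement, max_hops=5):
    """Follow redirects with the Referer unchanged; return the path served, or 'LOOP'."""
    for _ in range(max_hops):
        target = decide(path, referer, allow, blocked_ext, replacement)
        if target is None:
            return path
        path = target
    return "LOOP"

# Constructed sample requests (not real traffic).
IMG = "/wp-content/uploads/tutorial.jpg"
OWN = "http://imzl.com/post/1"
SUB = "http://blog.imzl.com/feed"
OTHER = "http://other.example/page"

def results():
    ext, png = r"\.(png|jpg)$", "/nophoto.png"
    alt = r"(imzl\.com|blog\.imzl\.com|tool\.imzl\.com)"
    commas = "imzl.com,blog.imzl.com,tool.imzl.com"
    return {
        "direct visit": fetch(IMG, "", "imzl.com", ext, png),
        "own page": fetch(IMG, OWN, "imzl.com", ext, png),
        "subdomain, alternation": fetch(IMG, SUB, alt, ext, png),
        # png is blocked and the replacement is a png: the redirect is caught again
        "hotlink, png replacement": fetch(IMG, OTHER, "imzl.com", ext, png),
        # a replacement of a type the rule does not block is served normally
        "hotlink, gif replacement": fetch(IMG, OTHER, "imzl.com", ext, "/nophoto.gif"),
        # a comma list is one regex that matches no real Referer, so even the
        # site's own pages are treated as hotlinkers
        "own page, comma list": fetch(IMG, OWN, commas, ext, "/nophoto.gif"),
    }

if __name__ == "__main__":
    for case, served in results().items():
        print(f"{case:26} -> {served}")
```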

Method 2: Use a WordPress Plugin

Download the WordPress Hotlink Protection plugin. After installing the plugin, you can access its settings page.


In the plugin settings, you can specify the image path to protect, such as wp-content/uploads. If images under that path are hotlinked, the hotlinking page will display a warning image instead of the original — and you can configure that warning image in the plugin settings too.

Method 3: Windows Hosting Backend Settings

If you’re on Windows hosting, you can set up hotlink protection directly through the hosting control panel. Since I don’t currently have Windows hosting, I won’t demonstrate this.

Method 4: cPanel Settings

If your Linux hosting uses cPanel, you can configure hotlink protection through the panel.

  1. After logging into cPanel, click Security -> HotLink Protection. This feature prevents other websites from directly linking to files on your site, effectively providing image hotlink protection.

  2. It may be disabled by default — click “Enable” to activate it.

  3. Next, configure HotLink Protection. Under “URLs to allow access,” enter your own site URLs — these are the sites you want to permit to use your images.

  4. Under “Block direct access for the following extensions,” enter the image file extensions used on your site, separated by commas, e.g., jpg,jpeg,gif,png,bmp.

  5. Under “Redirect URL to,” you can set a copyright image that will be displayed by default when someone illegally hotlinks your images. Just enter the image URL.

  6. After completing the above settings, click “Submit.” You can then test it by embedding one of your site’s images on another website to see the result.

Method 5: Add Watermarks to Your Images

Many people use this method, though quite a few folks will still hotlink watermarked images regardless.

Method 6: Simply Don’t Store Images on Your WordPress Host

OK, this is the most extreme method — just don’t include images on your blog, or use externally hosted images. But this is getting off-topic; consider it a little joke.

OK, the tutorial ends here. If you have other good methods, feel free to leave a comment and let me know — I’ll add your suggestions right away. Also, there are plenty of such tutorials already on Baidu and Google. None of these methods are original to me; I’ve simply compiled them together.