What's WP
Find Everything Related to WordPress - Best Tutoriasl on WordPress!
The Best Ways to Prevent Image Hotlinking in WordPress

The Best Ways to Prevent Image Hotlinking in WordPress

We have summarized the best ways to prevent image hotlinking in WordPress sites, helping you stop image hotlinking which not only steals your images, but also takes advantage of your bandwidth. All methods are effective, easy to finish, and tested by our editors on this website already. You can learn about the specific steps as the following.

What’s Image HotLinking?

In general, if you want to insert an image into your post, you need to upload this image on your hosting server, and insert it by adding the image URL. However, some folks display images on their website by linking to the same images on your website without your permission. Briefly, this is image hotlinking.

Image hotlinking is annoyed because it steals your images as well as costs your bandwidth. Every time someone visits the hotlinking website, the image is loaded from your server, which consumes your server bandwidth instead of theirs. If your website has many image hotlinks, it can be slow down greatly.

In below, we have introduced several ways to prevent image hotlinking. You can learn about them to optimize your website.

Prevent Image Hotlinking With cPanel

This is a default feature of cPanel control panel. Therefore, if your web host provides you with cPanel for website management, you can take advantages of this hosting feature easily.

After logging into your control panel, you need to navigate to the Security area and click the HotLink Protection icon.

HotLink Protection Icon

By default, HotLink Protection is currently enabled. What you should do is to determine the following aspects.

  • You need to enter the URLs that are allowed to use your images, including your own domain and the domains of your other websites hosted within the same web server.
  • You also need to enter the file types you want to protect with their exclusive extensions. The common extensions include jpg, gif, png, bmp and jpeg.
  • If you want your images to be showed in a browser by entering the image link, you should check the box of allowing direct requests.

HotLink Protection Settings

After entering these blank spaces and clicking the submit button, you can have your images protected from being hotlinked.

Prevent Image Hotlinking With .htaccess

In general, editing .htaccess file is the easiest way to prevent image hotlinking in WordPress sites. First, you need to create .htaccess file if you are currently not using any .htaccess in your web account. On the other hand, if you have had it already, just open it to edit. Note that you’d better backup it before editing.

Then, paste the below code into the .htaccess file.

prevent hotlink code

If you are confused with it, let’s explain it in detail.

  • Line 1: enabling the redirection process.
  • Line 2: allowing blank referrers to view the image.
  • Line 3: allowing ‘your-site.com’ to view the images.
  • Line 4: replaceing ‘your-other-domain.com’ with the proper domain name if you want to allow other sites to use your images.
  • Line 5: replaceing all unauthorized images to be replaced by the image.

Prevent Hotlinking With web.config

If you have hosted your site on a Windows server with IIS solution, you need to edit your web.config file and add into the below code.

prevent hotlink code

If you are confused with it, let’s explain it in detail.

  • Line 1 : starting the rule and giving it a name.
  • Line 2 : matching any requests to files ending with jpg, jpeg, png, gif or bmp.
  • Line 3 : starting your conditions
  • Line 4 : matching any referrers that are NOT empty
  • Line 5 : matching any referrers that are NOT from your own site
  • Line 6 : closing off conditions
  • Line 7 : performing a rewrite to your specially prepared image

In addition to edit the web.fig file, you can add these rules within the IIS manager. The detailed process is the just as the below picture.

IIS manager

Use WordPress Plugins

WordPress plugin is the most effective method to extend WordPress functionality. As well, you can also utilize WordPress plugins to prevent image hotlinking. In below, we have listed 3 of the most popular plugins, and you can find many more in the WordPress.org.

  • WP Hotlink Protection –An automatic image hotlink protection plugin for WordPress sites. It is a single step script designed to prevent others stealing your images. It allows you simply add a .htaccess file to your root folder to stop the external web servers from linking directly to your images.
  • Better security – The best security plugin for WordPress websites. It provides the best security features and techniques and combines them to ensure the security holes can be patched without conflicts. Besides, it also removes the hotlinks on your website to protect your pictures and ensure your website performance.
  • ByREV WP-PICShield – A professional image hotlink protection plugin for WordPress. It is the best plugin to protect against hotlinking images by search engines and other sites that basically steal your bandwidth.


All these methods are practiced and effective, and you can use one of them for your website, or integrates two or three to boost your website security. We hope these can help you avoid hotlinking and save bandwidth. If you still have any question, feel free to ask via comments.


Joyce is a professional writer & SEOer who loves trying new things and sharing the experience through blogging. She loves clean design, playing with different WordPress themes, SEO, etc. Very often, you could find her in various WordPress event as invited speakers.