Outstanding hosting from just $2.95/mo Free site transfers on most plansVisit Siteground > X

Protect Your Hotlinks: Here’s How To Do It Using cPanel.

Disclosure: Your support helps keep the site running! We earn a referral fee for some of the services we recommend on this page. Learn more
Personal skills

Not all hosting providers offer the same control panel software. cPanel is probably the best-known and most common - and for good reason.

Nearly every major host uses cPanel, though it's sometimes well hidden underneath a clever skin that makes it look quite different. It's popular because it gives users an intuitive graphical interface and does away with the need to use the command line for common tasks. Hosts like it because it cuts the cost of support.

Hotlink Protection in cPanel stops media files from being repeatedly downloaded or misused.

Hotlinking is a serious problem for many sites, especially those that contain a lot of images.

Often, these sites are exposed to high traffic from image searches, and that can be a drain on resources.

A hotlink is a link to a media file on your site from another website. The owner of the third party site decides to link directly to you instead of hosting that content themselves. The most common example is an image file embedded on a web page but hosted by another person. Every time someone visits their page, your server feeds the file to them, using up your bandwidth allowance.

Copyright issues aside, this means you are essentially paying to host the image for someone else.

Hotlink protection stops this. It's easy to set up, but it's not without its disadvantages. cPanel looks at the URL that is referring the request and denies it if it's not from your site. The website visitor sees nothing at all, or a default placeholder of your choice.

cPanel Screen Shot - HotLink Protection

Use cPanel's in-built tools to prevent direct linking to any file type you want to protect. This is commonly images, but it could be zip files, mp3s or any other type of content.

Here's how to do it.

  1. Log in to cPanel and click Hotlink Protection.
  2. Enter the domains that are allowed to use your files. Include both www and non-www variations.
  3. List the file types you want to protect. Separate each extension with a comma.

You can choose to allow direct requests if you wish. Direct requests have no referrer at all; generally these users have browsed directly to the image.

In some cases, you might want to allow hotlinks to your content. Why? It's sometimes necessary.

A common example is RSS. If you include images in your RSS feed, people who read the feed via a web-based provider won't see the images.

Hotlink protection can also be a resource drain. Every time content is requested, the server has to check and see if the request is for a file type that is protected. If it is, it must then check and ensure that the referring URL is allowed. While not a big deal on a small site, hotlink protection is a step backwards if you're aiming for a speedy site.

Hotlink protection can be a valuable tool that may keep your content safe.

If you use it on the wrong type of site, it can be a major headache and it can also deter legitimate visits to your site.

In the end, it's an individual decision, and it probably depends just how valuable your content is as to whether hotlink protection is worth the headaches.

Prevent Hotlinking with .htaccess

Note that our examples only cover lower-case file extensions for simplicity.

Stop All Hotlinking

The following code will return a 403 Forbidden error instead of the requested file, unless the referrer is yourdomainatDH.com.

RewriteEngine On
 RewriteCond %{HTTP_REFERER} !^http://(www.)?yourdomainatDH.com/ [NC]
 RewriteCond %{HTTP_REFERER} !^$
 RewriteRule .(jpeg|jpg|gif|png)$ - [F]

Remember to change yourdomainatDH.com to your actual domain name or you'll see 403 errors on your own site.

Stop Hotlinking From Certain Domains

The following code will return a 403 Forbidden error instead of the requested image.

This will only occur when the image is requested by hotlinkingsite.net or hotlinkingsite.com.

 RewriteEngine On
 RewriteCond %{HTTP_REFERER} ^http://(www.)?hotlinkingsite.net/ [NC,OR]
 RewriteCond %{HTTP_REFERER} ^http://(www.)?hotlinkingsite.com/ [NC]
 RewriteRule .(jpeg|jpg|gif|png)$ - [F]

Stop Hotlinking From All Domains With Exceptions

The following code will produce a 403 Forbidden error instead of the requested image, unless the image is requested from yoursiteatDH.com or myspace.com.

Note: one of the allowed sites should be your domain or you'll block yourself from using your own images.

RewriteEngine On
 RewriteCond %{HTTP_REFERER} !^http://(www.)?yourdomainatDH.com/ [NC]
 RewriteCond %{HTTP_REFERER} !^http://(www.)?myspace.com/ [NC]
 RewriteCond %{HTTP_REFERER} !^$
 RewriteRule .(jpeg|gif|png)$ - [F]
Claire Broadley

About Claire Broadley

Claire has been creating websites for over 20 years and has been using WordPress for over ten. She is an expert in web hosting, design, HTML, and more. She lives with her husband and son in the United Kingdom.


Thanks for your comment. It will show here once it has been approved.

Your email address will not be published. Required fields are marked *