How To Protect Your WordPress Against Hot Linking?


👉 Divi Builder drag/drop page builder for WordPress

A lot of us have done it in the past, hopefully without knowing. You read a blog, you see a nice image that you can link to, and you do it without really thinking about the ramifications of your actions. In general, you should not link to an image that you do not have the right to, and you should not others’ bandwidth to serve the image on your site. But a lot of folks do it, and that’s a big problem for folks.

You have two options at this point. You can either watermark your WordPress images (read a tutorial on it here) or you can use .htaccess to protect your images from getting linked. Hot Linking is not a big issue if you are not serving that many images or your blog is not that popular. But once you start getting real traffic, it’s easy to get over your monthly hosting limits if people hot link to your images. That’s why I prefer using the .htaccess instead of watermarking my images. I rather cut off the access altogether.

So here is how I would do it using .htaccess. Please note that there are plenty of tools that you can use to customize your htaccess, and there are multiple ways of doing this, but here is what has worked for me:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?wpjedi.com/.*$ [NC]
RewriteRule \.(gif|jpg|png)$ - [F]

For those of your not familiar, here is what we are saying. We are saying that if the referrer is not WPJedi.com (not case sensitive) or any of the sub-directories, return a 403 error code. Now you can grab this and use it on your own domain, but make sure that you change wpjedi.com with your own domain. Also, as you can see, WPJedi currently doesn’t host any video files, but if you are doi10ng that, you want to make sure you add .mov, .avi or whatever extension you are using for your videos to the fourth line.

Did I miss anything? Do you do it another way? Please share your experience with the code.

More WordPress reading: