Hotlinking – How To Handle It In Your WordPress Site

  • 3
    Shares

What is hotlinking ?  

In plain English it is  one of  those  annoying  things  that  you put up with   when  you own a  website – especially one  with beautiful  media files.  This is  when an outside web source is actively linking and accessing a resource hosted by you, which  was  not  created  to  be  accessed in isolation. The linked resources could be  images , audio, video , pdfs and so on.

So what exactly is the problem ?
More often than not it is not an issue to worry about – an image hotlinked here or there is not going to cause you much heartburn and if you keep track of your analytics and server stats you have pretty good idea about who links to which resource of yours.

From an SEO standpoint it can be considered as a desirable activity as part of link building . It might boost your ranking with search engines. On the flip side, if the hotlink is being accessed many times without generating any other traffic for you (page views) it just drains your bandwidth. It is even more of an issue when scrappers try to pass of your beautiful content as their own!

How does it work ?
Well this is not a tutorial for hotlinking but understanding how it works can help you in preventing it. To hotlink a resource all you need to know is the url to it. For example in many web browsers you can right click on an image and copy the link to it . Paste the link on the new browser window and voila you have accessed it without going through the page hosting it.

Another way is to look at the page source, more often than not the source will tel you all you need to know about the resources accessed by and displayed on the page.

Right Click is it ?
Yes – that is one way of preventing hotlinking to the pages . Use a plugin to disable right clicking and view source is one way to do it. This is going to discourage only the laziest of scrappers . But yes , you have to add a plugin or script to the site  and   this  could  potentially affect  the  site  load speed.

Using cPanel
Chances are your webhost is using cPanel. It might look different from host to host , but the underlying scheme will be the same. The good thing about cPanel is that it is user friendly and intuitive. The fear of “Am I going to break the server ” is much less when using this interface  than  when  you  make  changes  directly to  the  files.

So login to your cPanel and look for something like this –  Hotlink protection  will be  grouped  under  Security , so look for   it  there ..
CPanel hotlink protection

Click on the hotlink protection. The default for this setting is disabled. Click on enabled and add a list of all the sites that you want to allow to hotlink to the list. There may be a default list populated with all the sites that are owned/managed by you.

Setting Hotlink Protection
The next step is to define what resources to block the direct access to – again by default the image files extensions may be populated here. If not add the extensions of resource here – as in the picture .

Finally check the box for allowing direct access. This allows users to type the url directly on a browser address bar and access it and helps certain types of users who are behind firewalls that strip the referring url information.

Here is an   example  of  what  happens  when  hotlinking is disabled.

This  should  be a  warning  for  you to  avoid  hotlinking  as  well. Remember it is a  resource  you have no  control over !

Redirect ?
Well here is the fun part – you could redirect these request to a specific url – say “OOOPPPPS I I thought it was here to steal ” or something similar or you could direct it to your homepage . But remember it is still your bandwidth that is  being  utilized.

As for me I would leave it be.

Do you want the geeky version ?

Well here is what you do.
Go to your .htaccess file . Don’t know what and where it is ? Just do the cPanel version.

Add this code to your .htaccess

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www.)?MyDomain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .(jpeg|jpg|gif|png)$ – [F]

Replace MyDomain with your domain name and this code will return a Forbidden error for all request other than thos e come from your own domain.

Now if you want to prevent only a certain site from linking to your site here is what you do

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www.)?Idontwantyoutolink.net/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www.)? Idontwantyoutolink.com/ [NC]
RewriteRule .(jpeg|jpg|gif|png)$ – [F]

This will prevent Idontwantyoutolink.net and Idontwantyoutolink.com from hotlinking to your site’s images.
You have to add an entry for each site that you need to prevent from linking.

What to watch out for

Using these access control rules are also a drain on the server resources. Every time a resource is requested the server has to run through the checklist and verify, which could in turn slow things down as the traffic volume increases. So you have to strike a balance. Sometimes something as simple as renaming a resource does the trick. Here again use caution, it might break a legitimate link that you would rather leave intact.

There are many valid instances where hotlinking is your ally – rss feeds, image searches all use these and if these are a major source of traffic for you , you have to make sure that their access to your site’s content is not compromised.

In conclusion
Preventing hotlinking in this manner should not be your first line of defense. Make sure that there is a clear copyright and content policy defined that you can link to and send to the errant owners. Most cases that will the last you hear of it . The content is copyrighted even without a clear notice , but more often that not people are unaware of it.

References
Wordpress htaccess – http://httpd.apache.org/docs/trunk/howto/htaccess.html
Apache htaccess – http://httpd.apache.org/docs/trunk/howto/htaccess.html
Apache rewrite rules – http://httpd.apache.org/docs/trunk/mod/mod_rewrite.html#rewriterule


  • 3
    Shares

About

    Leave a Reply

    Your email address will not be published.