A hotlink occurs when someone is directly linking content from your site to another site and uses your bandwidth to serve the files. For example, when someone is displaying an image hosted on your server on their own web pages. You can use this hotlink protection security feature in cPanel in order to prevent this from happening.
How to enable hotlink protection in cPanel
To enable hotlink protection in cPanel, follow the steps below.
- Log into cPanel.
- Look for the “Security” section and click on “Hotlink Protection” icon.
- Click “Enable”. A new page will open that displays the “Allowed referrers” and “Protected extension” lists.
- Click “Go back”.
- To allow specific sites to hotlink to your website, add their URLs in the “URLs to allow access” menu.
- To block direct access to files of specific types, add those file extensions to the “Block direct access for the following extensions” text box.
- For example, to block all .jpg images, add .jpg to the “Block direct access for the following extensions” text box.
- When you block these file types, others cannot hotlink those types of files from your website regardless of any other settings.
- To allow visitors access to specific content through the URL, select the “Allow direct requests” checkbox.
- For example, if you enable this option, a visitor could enter http://www.example.com/folder/example.jpg as a URL to access the example.jpg file.
- To redirect requests for certain content, enter the URL to which you want to redirect your visitor in the “Redirect the request to the following URL” text box.
- Click “Submit”.
To disable hotlink protection, click “Disable”. When you disable hotlink protection, the system deletes the entries in the list the URLs to which you wish to allow access list. We strongly recommend that you save the list locally before you disable hotlink protection.
How to enable hotlink protection in .htaccess
If you are not using cPanel on your server, you can still enable hotlink protection easily through the .htaccess file. You’ll just have to use the following code snippet.
RewriteEngine on
# Remove the following line if you want to block blank referrer too
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?example.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|bmp)$ - [NC,F,L]If you want to display a “blocked” image in place of the “hotlinked” image, replace the last rule with.
RewriteRule \.(jpg|jpeg|png|gif|bmp) https://example.com/blocked.png [R,L]
