Various sources are quick to disparage hotlinking, citing that it’s like driving a car with stolen gas. But is it purely bad or can it benefit the hotlinked site? That’s the point of reference we kick-start today’s blog. It’s true that hotlinking, inline linking, or leeching is not always positive. We’ll examine the reasons why along with ways to stop hotlinking. What if there are websites already leeching on your images? Well, you can generate backlinks from the leechers and improve your SEO. Interested in learning more? Let’s get started.
What is hotlinking?
Hotlinking entails embedding media from third-party sources by using the direct link. It’s also a simple and ‘innocent’ practice. Why call it ‘innocent’? That’s because many people do it without realizing that it’s wrong. Let’s say, I’m uploading my finished blog post on WordPress. I need a simple picture of a happy dog as my featured image. Like many people, I head over to the search engine and type “Happy dog images.” WordPress and other CMS support inserting media files from URLs. I may browse around for the best image and copy its link. I’m not downloading and stealing the image from the original site. At this point, I may assume that I’m not breaking any Copyright and Reproduction laws. The original owner still hosts the image on their server. I’m only using a few lines of code to tell the browser to fetch the image. Well, it’s still not acceptable because you’re using their files without their permission. Many sites don’t even know that you’re hotlinking.
Is hotlinking bad?
There are two sides involved, and it’s essential to examine both perspectives.
Why Hotlinking is bad for the hotlinked site
1) May increase bandwidth usage
The client’s browser has to request the image from the host server. Handling third-party image requests is a waste of bandwidth. Consider a situation when you’re running your website on a shared server. If a website with a lot of traffic hotlinks your image, it may increase your bandwidth usage. Most plans have unmetered bandwidth not “unlimited.” The hosting provider may respond by sending an email asking you to reduce the usage. Or find the account to be in breach of the Terms of Service.
2) Can impact the users experience on the main site
Hotlinking consumes network and hardware resources. It can even impact the server performance. Due to too many requests for hotlinked images, normal requests may take a long time to load or cause 503 errors.
3) Unauthorized use of copyrighted material
Good images and videos are not always free! You may have purchased images from stock websites or commissioned original photos. Hotlinking may mean benefiting from someone’s work unfairly.
How to find out if other websites are using your images via hotlinking
Step 1: Go to Google Image Search
Step 2: Enter the following search phrase (inurl:sitename.com -site:sitename.com). For instance, we’ll try to find sites using images from Mozilla. The search phrase will be inurl:mozilla.org -site:mozilla.org/
Step 3: Click search and check the results.
Why hotlinking is bad for the linking site
There are pitfalls of hotlinking images from other websites:
1) You have no control
The rightful owner may choose to update their links, and this will result in broken images.
2) They may fight back
They can block hotlinking by modifying the .htaccess file. While at it, they can substitute the images that you may have hotlinked with warning messages. Some may troll you as in the famous case of Oatmeal vs Huffington Post.
3) It’s bad practice
Unless the original site explicitly allows it, it’s always bad practice. They invested their time and resources to create the images. When you must do it, always include a backlink or ask for permission.
Is hotlinking bad or good for SEO?
Does a hotlink qualify as a regular backlink link? There are two opposing views. Some people say that any hotlink is a ranking signal. An image with many hotlinks must be good and will rank higher on image search results. The opposite position is that hotlinks are useless. What is Google’s position on the matter? John Muller, a Google search advocate, revealed that Google doesn’t treat hotlinks as real links. Authority is only passed when the third party also includes a backlink to the website.
Just to be really clear, there’s no need to disavow if a site embeds images from your site. We don’t see those as links to a site. (Sometimes people embed images AND link to your site, in that case, links are links, do whether or not you disavow … it depends)
— 🦙 johnmu.xml (personal) 🦙 (@JohnMu) September 26, 2019
Have you decided to allow hotlinking? We recommend:
- Choosing hosting plans with adequate bandwidth;
- Branding your images by adding a watermark. It ensures that people can find your site;
- Uploading optimized images such as JPEG instead of PNG, with smaller file sizes to prevent unnecessary bandwidth consumption.
Generating backlinks from already hot-linked images
Start by performing the Google Images search to find websites that are using your images. Write to the website admin stating that you have discovered their use of your images. Express that it is causing a drain on your bandwidth and resources. Request them to provide proper attribution by including a backlink to your website. For instance, “Credits [yourwesbitename.com]”.
When is it okay to hotlink images?
Unsplash is a clear example of an image service that allows hotlinking. But you have to use the links provided by the API. It allows them to collect useful metrics for image creators such as the number of downloads. Another case that qualifies as permitted use is uploading images to image hosting services and hotlinking to other sites. These services are also clear about their hotlinking policy. For instance, some allow hotlinking on forums but not on blogs.
How to prevent hotlinking to your site
Let’s explore some of the 7 best ways to prevent hotlinking to your website.
1) Edit the .htaccess file – Preventing hotlinking on Apache
Is your website running on Apache? Modifying the “hyper access file” or .htaccess file can help block hotlinking. Access the file by logging into CPanel and open File Manager. Select Settings and under enable Show Hidden Files.
For editing a single domain, open public_html, select the .htaccess file and choose edit.
You need to add the following code to prevent hotlinking:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|flv|swf|xml|php|png|css|pdf)$ - [NC, F, L]
There is an option to display a custom image when someone tries to hotlink the files. Under Rewrite Rule add the URL with the custom error image after the file declaration, e.g.
RewriteRule \.(jpg|jpeg|png|gif|bmp) https://example.com/blocked.png [R,L]
*Replace example.com with your unique website address. The code may seem confusing, but here is a quick explanation: – “RewriteCond %{HTTP_REFERER} !^$” permits indexing by bots and grants access to requests by users using proxies or antivirus programs that strip the referrer address. – The third line defines the allowed referrer. If it’s not “example.com”, block direct access for file types listed on line 4. (Rewrite Rule). Here are a couple of resources where you can dive deeper:
- How do I prevent image hotlinking – Dreamhost
- Block Hotlinking with .htaccess – Pair.com
- Htaccess empty referer deny “google bot” – Stackexchange
- RewriteRule Flags
2) Preventing hotlinking on Nginx
A significant number of websites use Nginx. You can configure the configuration file to disable hotlinking. First, log into the web server and access the configuration file.
Under the server block, add the following code snippet:
location ~ .(gif|png|jpeg|jpg|svg)$ {
valid_referers none blocked example.com *.example.com;
if ($invalid_referer) {
return 403;
}
}
If you want to dive deeper, you can also check out the following resources:
- Prevent Hotlinking Images on Nginx – Tony Teaches Tech
- Prevent Image Hotlinking in Nginx – Ubiq
- Nginx configuration file location – Dreamhost
3) Turn off hotlinking from the CPanel
There is a simple way to turn on hotlink protection from the CPanel. First, log in with your username and password.
Scroll down to the security section and choose “Hotlink Protection.”
The “URL to allow access” should include all your website subdomains. You can also list all the file extensions that should be protected from hotlinking.
In case you want to dive deeper, check out the Hotlink Protection guide from the CPanel Help section.
4) Use WordPress plugins to disable hotlinking
There are some plugins you can use to make your site more secure against leechers. All In One WP Security and Firewall comes highly recommended. It provides all-around security with over 900,000 installs. After activating it, go to WP Security > FireWall > Prevent Image Hotlinking.
5) Prevent hotlinking for websites like running on CDNs
Is your website deployed on a content delivery network such as Cloudflare or KeyCDN? Hotlinking protection comes built-in, but you need to enable it. Check out these official guides:
- Understanding Cloudflare Hotlink Protection (CloudFlare)
- Prevent Hotlinking by Using AWS WAF (Amazon CloudFront)
6) Disable right-clicking
Don’t want to change the .htaccess file? Consider disabling right-clicking which prevents someone from easily copying the image address. If you are using WordPress, search for content theft plugins. On the Wix App marketplace, there is a right-click protect app. You can also change the code directly. Now, this method is not fool-proof as someone can use developer tools to check the URLs.
7) Changing image URLs
You can also change the image URLs by deleting and uploading the images again. Renaming the hotlinked files can also change the URL resulting in broken image links for the leechers. Create a Zone Referrer (KeyCDN Hotlink Protection)
8) Add watermarks
Watermarks discourage unauthorized use. Someone may not want your URL, website name, or logo on their website. But depending on the watermark position, someone can edit out the branding.
9) Block IP addresses
Check your WebHost manager to see if you can block IP addresses. You can also use analytics to monitor traffic and find sites sending too many requests. Check their IP addresses and block them.
Alternative to hotlinking: Use free original images!
Free image libraries such as Unsplash, Pexels, and Pixabay provide millions of files, and are among the free stock photos sites with the most images. Our ImageSuggest add-on for Google Docs is a free image search tool that can suggest the best images to use from these sources. It’s as easy as selecting a part of your text and clicking the suggest button to see suitable images. You can also search for free images without leaving Google Docs. If you don’t use G Suite products, you can also find images from your web portal. After uploading free images to your web server, you will never have to worry about broken links or DMCA takedown notices.
