If you have a lot of images on your site, you might be vulnerable to other sites stealing your bandwidth and basically using your site as a CDN! Hotlinking is when another site uses an <img> tag and places your site in the “src” tag, thereby pulling the image directly from your server. There’s no attribution unless the hotlinking site deliberately chooses to do so. In this article, I’ll show you how to use the hotlink protection tool in cPanel.
Table of Contents
Example: Uploading and Hotlinking an Image
In this example here, I’ve uploaded a Creative Commons image to the root folder of my RoseHosting directory:
As you can see below, I can now just type in the URL for the image and it shows up in my browser:
This is what hotlinking looks like. The image is accessible from anywhere in the world using just the URL. Whether that’s a site, or a browser, with or without your permission. The downside is that it can eat up your bandwidth if someone else does it and steals your images at no cost to them.
Luckily, cPanel allows us to defend ourselves against this. Here’s how to use it.
Step 1: Enable Hotlinking in cPanel
Log into your RoseHosting cPanel account and scroll down till you reach the “Security” section and click the “Hotlink Protection” icon as shown here:
The next screen allows us to configure Hotlinking. To get started, click the blue “Enable” button as shown here:
The box below labeled “URLs to allow access” contains a list of URLs from which these images can be accessed. This is important because you want to be able to access your own images from your site! So as long as you use the <img> tag on a page belonging to one of the URLs in this box, the image will show up.
You can also add your own URLs here if you want to access the images from one that’s not in the list. Finally, the last box is labeled “Block direct access for the following extensions (comma-separated)”. This is a comma-separated list of file extensions to which you want to block access. By default, this includes the common image extensions but can be modified if you want.
After enabling hotlink protection, you should get the confirmation screen as shown here:
Now let’s test and see if it’s working.
Step 2: Testing Hotlink Protection
Earlier, I did a test where I access the cat image from a browser by directly typing in the URL. With hotlink protection enabled, this doesn’t work anymore:
As you can see, I now get a “403 Forbidden” error. Problem solved! Now only URLs in the earlier list will be able to access images on this server.
Works by Using .htaccess Rules
Actually, you can enable hotlink protection on your own even without cPanel. cPanel merely automates the process for you by placing some rules into a hidden file called “.htacess” in the root folder. Here are the rules for hotlink protection:
You can add and remove these rules manually as well, but I recommend against it. When messing around with .htaccess, I always prefer to use an automated tool since there are fewer chances of something going wrong. It’s incredibly easy to disable your entire site with a single mistake! So stick to cPanel and let it do the hard work for you. If you choose to disable hotlink protection, the rules will be removed automatically.
Disadvantages of Hotlink Protection
The biggest drawback of hotlink protection that I can see is that it will remove organic image search results for your site. A lot of sites get significant traffic from Google Images for example, and hotlink protection robs them of that benefit. But if this isn’t a concern for you, then go ahead and enable it! It’s a good thing to have.
Of course, you don’t have to know how to use the Hotlink Protection tool in cPanel if you have a cPanel VPS Hosting with us. You can simply ask our administrators to install Odoo 11 on Ubuntu 16.04 for you. They’re available 24/7, and will be able to help you with the installation of Odoo 11 on Ubuntu 16.04.
PS. If you enjoy reading this blog post on how to use the Hotlink Protection tool in cPanel, feel free to share it on social networks using the shortcuts below, or simply leave a comment.