Hotlinking takes place when someone embeds content (mostly images, music, videos, and documents) from your site in another site using the direct file URL. Effectively, the other site is stealing bandwidth and generating unnecessary hits on your website, consuming your hosting resources. Hotlink protection prevents this by blocking other websites from directly linking to files on your Joomla website.
Why Hotlinking is Bad
Hotlinking is a serious problem for many Joomla sites, especially those that contain a lot of images, including images inside articles. It is a bad practice because:
- It steals your hosting bandwidth (account resources) and costs the site owner money
- It may also impact your site’s performance
- It is unethical and in most cases illegal, unless explicit permission is granted
- It can be used as a common cyber-attack aimed at exhausting the bandwidth of the targeted website
Fortunately, you can use a few methods to prevent this issue. Blocking content from hotlinking won’t hurt your site's SEO, but it does need to be set up correctly.
How do I Know if Someone is Hotlinking to My Site?
The best place to check for hotlinking is your web host's web stats page. Have you noticed any unusually high bandwidth usage (not traffic) in the last days or weeks? If so, this should be an indication that someone is stealing your content.
The second method is based on the Google image search tool. All you have to do is type url:domain.com -site:domain.com in the search area.
Replace domain.com with your real domain name. This will show you all images that are hosted on your site but also appear on other sites. To be 100% sure, you have to investigate and check several image links, because Google shows different results.
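The same check can be run against the web server's own access log. The script below is an added example, not code from the original article: it totals the bytes served for protected file types per external referrer host. It assumes the Apache/NGINX "combined" log format and the placeholder domain yoursite.com; the function names and log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumptions: yoursite.com is the article's placeholder domain; the search
# engine hosts mirror the allow list used in the server rules.
OWN_DOMAIN = "yoursite.com"
ALLOWED_HOSTS = {"google.com", "bing.com", "yahoo.com"}
PROTECTED = re.compile(r"\.(jpg|jpeg|png|gif|svg|mp4|mp3|pdf)$", re.I)

# "combined" log format: request line, status, bytes, referrer, user agent.
LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)"'
)

def is_allowed(host):
    """Exact host or true subdomain match, never a prefix or substring match."""
    host = re.sub(r"^www\.", "", host.lower().rstrip("."))
    return (host == OWN_DOMAIN or host.endswith("." + OWN_DOMAIN)
            or host in ALLOWED_HOSTS)

def hotlink_bytes(lines):
    """Return Counter {external referrer host: bytes served for protected files}."""
    totals = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m or m["bytes"] == "-" or not m["status"].startswith("2"):
            continue
        path = urlsplit(m["path"]).path          # drop any query string
        host = urlsplit(m["referer"]).hostname   # None for "-" or an empty referrer
        if PROTECTED.search(path) and host and not is_allowed(host):
            totals[host] += int(m["bytes"])
    return totals

# Constructed sample log lines (documentation IP ranges, .example domains).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /images/banner.jpg HTTP/1.1" 200 250000 "https://yoursite.com/blog" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2024:10:00:02 +0000] "GET /images/banner.jpg HTTP/1.1" 200 250000 "https://forum.example/thread/42" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2024:10:00:03 +0000] "GET /images/logo.png?v=2 HTTP/1.1" 200 40000 "https://forum.example/thread/42" "Mozilla/5.0"',
    '192.0.2.15 - - [10/Mar/2024:10:00:04 +0000] "GET /docs/guide.pdf HTTP/1.1" 200 900000 "https://yoursite.com.mirror.example/" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Mar/2024:10:00:05 +0000] "GET /images/banner.jpg HTTP/1.1" 200 250000 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [10/Mar/2024:10:00:06 +0000] "GET /images/banner.jpg HTTP/1.1" 200 250000 "https://www.google.com/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, served in hotlink_bytes(SAMPLE_LOG).most_common():
        print(f"{host:35} {served:>10} bytes")
```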
How to Prevent Hotlinking in Joomla
Whether any of your website media resources have been hotlinked or not, you can take preventive measures at any time. Hotlink protection can be a valuable way to keep your content and hosting account safe. Unfortunately, Joomla does not have built-in options that protect against hotlinking, so use one of the options below.
cPanel - Hotlink Protection Option
If you use cPanel, you can find the Hotlink Protection feature in its Security section. Open and configure it to utilize the facility.
To block direct access to files of specific types, add those file extensions to the Block direct access for the following extensions text box. For example, to block all .jpg images, add .jpg to the Block direct access for the following extensions text box.
You can configure Hotlink Protection to give access to the URLs which you want. Those URLs can link to your files directly. Additionally, you may redirect all requests that will be blocked to a specific URL, for example, with a warning image.
Notice! When you disable hotlinks, make certain that you allow hotlinks for any necessary domains. For example, your website's subdomains and the URL that you use to access your cPanel account.
Enable Hotlink Protection on Apache
If your Joomla site is running on an Apache server, all you need to do is open the .htaccess file in your site’s root directory (or rename it) and add the following lines after RewriteEngine On:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yoursite\.com([/:]|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google\.com([/:]|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing\.com([/:]|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo\.com([/:]|$) [NC]
RewriteRule \.(jpg|jpeg|png|gif|svg|mp4|mp3|pdf)$ - [NC,F,L]
A brief explanation of the rules used:
- The 1st line allows blank referrers. You will most likely want to enable this as some visitors use a firewall or antivirus program that deletes the page referrer information sent by the web browser. If you don’t allow blank referrers, you could disable all of your images for those users.
- The 2nd line defines the allowed referrer, the site that is allowed to link to the image directly; this should be your website (replace yoursite\.com above with your real domain, keeping the backslash before the dot). The ([/:]|$) at the end requires the host name to end there, so a look-alike domain that merely begins with your domain name is not accepted.
- Lines 3-5 add search engines to the allowed list because you don’t want to block crawlers such as Google, Yahoo and Bing bots. Blocking them could prevent your images from showing and being indexed in Google image search. You can also add your local search engine, such as baidu.com.
- The last line defines the file extensions you decided to protect.
The code above will produce a 403 Forbidden error instead of the requested image, PDF or video unless the file is requested from yoursite.com.
If you want to, you can serve alternate content when hotlinking is detected. To generate some more complex rules, take a look at this htaccess hotlink protection generator.
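Referrer patterns like these are worth testing before they go live. The following is an added example, not part of the original article: a small Python model of how the RewriteCond lines combine, comparing a loose pattern (unescaped dots, nothing ending the host name) with a strict one (escaped dots plus a boundary). The function names and referrer values are constructed, and yoursite.com is the article's placeholder.

```python
import re

PROTECTED = re.compile(r"\.(jpg|jpeg|png|gif|svg|mp4|mp3|pdf)$", re.I)
ALLOWED = ["yoursite.com", "google.com", "bing.com", "yahoo.com"]  # placeholder domain

def build_conditions(strict):
    """Patterns for the negated RewriteCond lines; re.I mirrors the [NC] flag."""
    pats = [r"^$"]  # blank referrer
    for host in ALLOWED:
        if strict:   # escaped dots plus a boundary after the host name
            pats.append(r"^http(s)?://(www\.)?" + re.escape(host) + r"([/:]|$)")
        else:        # "." stays a wildcard and nothing ends the host name
            pats.append(r"^http(s)?://(www\.)?" + host)
    return [re.compile(p, re.I) for p in pats]

def status_for(path, referer, conditions):
    """403 when the RewriteRule would fire, otherwise 200."""
    if not PROTECTED.search(path):
        return 200
    # RewriteCond lines are ANDed and "!pattern" holds when the pattern does not match.
    return 403 if all(not c.search(referer) for c in conditions) else 200

# Constructed referrer values (.example domains are reserved for documentation).
CASES = [
    "",
    "https://www.yoursite.com/article",
    "https://www.google.com/",
    "https://forum.example/thread/42",
    "https://yoursite.com.mirror.example/",
]

def compare(path="images/banner.jpg"):
    """Return (referrer, status with loose patterns, status with strict patterns)."""
    loose, strict = build_conditions(False), build_conditions(True)
    return [(r, status_for(path, r, loose), status_for(path, r, strict)) for r in CASES]

if __name__ == "__main__":
    for referer, loose, strict in compare():
        print(f"{referer or '(blank)':40} loose={loose} strict={strict}")
```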
Prevent Image Hotlinking in NGINX Server
Copy the code snippet below and paste it into your NGINX config file.
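location ~ \.(gif|png|jpeg|jpg|svg)$ {
    # "none" allows requests without a Referer header; "blocked" allows referrers stripped by a firewall or proxy
    valid_referers none blocked ~\.google\. ~\.bing\. ~\.yahoo\. yoursite.com *.yoursite.com;
    # $invalid_referer is set when the referrer matches none of the entries above
    if ($invalid_referer) {
        return 403;
    }
}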
*yoursite.com - must be replaced with your real domain name.
If you use any other webserver, please check their documentation.
Conclusion
Hotlinking is a harmful practice that might cause several problems such as bandwidth and asset theft. Preventing hotlinking is an easy task, and you don't need any Joomla plugin. So there is no reason to postpone this task. Please share your ideas with us in the comments section. And stay with us for more useful tips & tricks!
[img]https://imgur.com/bfgHkCT[/img]
Anyway, just make tests.
Hello Dear Paul, thank you so much for the helpful article and great job!
Hopefully you will learn more about Better security and protection Joomla!.
You and the team of Joomshaper are Number one and the best.
...
All the best...
Yes, of course, I'm a newbie in JoomShaper and downloaded the Helix Ultimate template and liked it very much... I'm Kurdish and live in the western area of Iran... my languages are Kurdish and Persian (RTL Languages Group with fa-IR & ckb-IQ)...
Helix framework is very comfortable and flexible with RTL languages. Thanks to the JoomShaper Team for the great idea & great framework...
I wish you and your Team more success...
regards, Frank
read the comment above about FB.
You see, when I build I learn, I don't just continue on building and not listen to anything that I see and learn, and this directly ties into what I have read on this blog (as I couldn't find any information for why my hot links from Google wouldn't work in both Bing and Yahoo) because although there are 4.3 online they still don't understand affiliate marketing.
So my question here is who are we talking to, prospect bloggers, website owners, or newcomers who don't even know how to write an article, because whoever runs a blog I'm pretty sure isn't going to care about hotlinking just as I don't. The way you said it can ruin "Your Server" I mean if it could do that there would be problems with everyone's website and I'm sure they would be able to stop hotlinking altogether.
Peace be with you