Hotlink Protection

Some people will steal your bandwidth by directly linking to your graphics and other multimedia content from their own websites. If you right click on an image from any website and select “properties”, you will be able to see the file path. That shows you where the image is stored on the server. Typically, the path will be an images folder on the same website. A thief, however, will have a path leading somewhere else – not to their own site.

When a leech links to one of your images for use on their site, it’s as simple as placing the path to the image in the <img> tag. When they link to a PDF file or video, all they have to do is put a link to it on their site. In doing this, not only are they pirating your copyrighted material, they are also stealing your bandwidth.

Exceeding your bandwidth usage allotment can cause your host to shut your site down until the next month!

This is why hotlink protection is so important. Thankfully, it is very simple to do. The tools you need are already included in cPanel – your web hosting control panel. Let’s look at how you can protect your bandwidth.

Once you log into your cPanel account (if you don’t have a host yet, we recommend Hostgator (Visit, Review)), you will see a section titled “Security”. In that section is a link to the HotLink Protection tool as illustrated in the image below.

Once you click the HotLink Protection icon, it will bring you to a page that looks like this:

As you can see, I have added numbers to each section. As we go over the form, I will refer back to these numbers. The paragraph in italics at the top of the form gives you an overview of what the tool does.

1. URL’s to allow access: In this section you will add all of the URLs from which you want to allow your images and content to be seen. If you have one website, you would type in your full domain in both formats (e.g. http://www.yoursite.com, http://yoursite.com). Enter each domain on its own line.

This tool covers all of the domains on your site. If you have multiple domains, you would enter each one in both formats. If you have subdomains, you would enter each one on its own line (e.g. http://www.yoursite.com, http://yoursite.com, http://subdomain1.yoursite.com, http://subdomain2.yoursite.com).

If you have other sites, like forums, blogs and Facebook, where you want to link to your own images, you have to add those sites as well. Be careful in doing this on forums and blogs, however, because this can leave you open to bandwidth theft by the forum/blog owner or other users. To enter those sites, just type in the domain (e.g. http://www.someforum.com). Facebook and MySpace are a little safer since you get your own page. To add those sites, you would enter the full path to your page (e.g. http://www.myspace.com/yourname). This should only allow your profile page to use content from your site.

2. Block direct access for these extensions (separate by commas): This is where you tell the tool what types of content to protect. In this box, you enter the file extensions of the types of files you want to block from bandwidth thieves. When entering the extensions, leave off the leading “.” and separate them with commas and without spaces. This is a powerful tool because not only can you block images, you can block your other content as well.

As an example, you can block:

jpg,jpeg,gif,bmp,png,pdf,zip,rar,exe,avi,mov,flv,mpeg,mpg,mp3,wav

.jpg, .jpeg, .gif, .bmp and .png are all image file types. PDF files can be eBooks or reports that you want to keep from being externally harvested. .zip and .rar files are compressed archives that often may contain a product or package for your visitors/customers/opt-ins that you need to keep unique to your site. An executable program, or .exe, could be a software product that you need to be available only from your site – not someone trying to use your content for their gain. Finally, .avi, .mov, .flv, .mpeg, .mpg are types of video and .mp3 and .wav are audio.

These are just some examples of the files you can keep protected from hotlinkers. You can also restrict linking to your .css style sheets and .js JavaScript or .php script source code. Just be sure not to restrict access to your .html or .php pages or people might not be able to see your website. Also, when blocking source code, make sure it is accessible from the right places. For example, if you have a script that generates pages, blocking its access may prevent your potential visitors from getting to that page from a backlink or search engine result.

3. Allow direct requests (i.e. entering the URL to an image in your browser): This checkbox is pretty self-explanatory. Do you want a user to type in the direct path to an image or file and be able to view it. For example, if someone typed “http://www.yoursite.com/images/logo.gif”, would you want that to show up in their browser. Now for images, the answer is easy: No. There is simply no need for a user to be able to do this. Also, blocking the direct request will not stop your image from getting listed in Google or Yahoo! image search results.

For other file types, the answer is not so clear cut. If you have a PDF file freely available on your site, blocking access to the .pdf extension and leaving this box unchecked (to not allow direct requests), will prevent visitors from bookmarking the PDF file. Also, in some instances you may want others to link directly to your PDF, zip file or software executable so you can get exposure for your product line or business. In these cases, you would check the box so direct requests would be allowed. The other way to accomplish this is to leave those file extensions out of the field discussed in (2) and leave the direct request checkbox unchecked to protect everything else.

4. Redirect request to this URL: This box allows you to redirect any unauthorized request to a specific page on your site. What a great opportunity! You can redirect to your home page to get traffic you may not have otherwise received. Or, you can redirect to your sales page or squeeze page to extract a sale or opt-in from the would-be thief or his traffic. Simply enter the full URL of the page to which you want to send these people. This is a great way to make some extra unexpected sales and turn the tables on the thief!

One thing to keep in mind is that this will not stop someone from copying content from your site and using it on their site. It only helps prevent bad people from stealing your bandwidth.

5. Submit Button: Click the Submit button when you are finished filling out the form to save your data.

6. Enable Button: Click the Enable button to enable hotlink protection. After you click, you will be brought to a conformation screen that shows you what you have protected and indicates that hotlink protection is now enabled.

When you click the [Go Back] link, it will take you back to the form.

*Images captured from the Hostgator cPanel Demo. Visit Hostgator today to get the best hosting on the web.