What is Hotlinking and Why is it Important?

Hotlinking is the unauthorized use of a website's content (usually images, videos, or other media files) directly on another website. In other words, it is when another website directly links to a file hosted on your server, causing that file to be displayed using your bandwidth. This situation consumes your resources without providing any benefit to you. On the contrary, it increases your server costs and can negatively affect your website's performance.

Bandwidth Consumption: Hotlinking unnecessarily consumes your server's bandwidth. As other sites display your content, your server has to respond to these requests.
Increased Server Load: Increased bandwidth usage increases the load on your server. This can cause your website to slow down or even crash.
Increased Costs: Consumption of bandwidth and server resources leads to an increase in your hosting costs.
SEO Impact: Hotlinking can be perceived as duplicate content by search engines, which can negatively affect your website's SEO performance.

For example, you are a photographer and you display high-resolution photos on your website. Another website directly links to the files on your server to use your photos in their content. In this case, every time a visitor visits that website, photos are loaded from your server and your bandwidth is used. You may not even be aware of this situation, but you may notice an increase in your hosting bill.

How Do I Know If Hotlinking Is Happening?

There are several ways to tell if hotlinking is happening:

Reviewing Server Logs: In your server logs, you can examine requests to your images or other media files. By looking at the Referer (HTTP referrer) header, you can see which websites the requests are coming from. If a large number of requests are coming from a website other than your own, this may raise suspicion of hotlinking.
Checking Google Analytics: If you are using Google Analytics or a similar analytics tool, you can track the page views and sources of your images or other media files. Unexpectedly high view counts or unknown sources may be an indication of hotlinking.
Using Visual Search Engines: You can use visual search engines like Google Images or TinEye to check if your own images are being used on other websites.
Using Referer Checking Tools: Some websites allow you to analyze the referer information coming to a specific URL. By using these tools, you can easily see the sources of requests to your images or files.

Example: In Apache server logs, you might see a line like this:


192.168.1.1 - - [10/Oct/2023:14:30:00 +0000] "GET /images/kedi.jpg HTTP/1.1" 200 12345 "http://ornekwebsite.com/makale" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"

In this line, it can be seen that a request to the /images/kedi.jpg file came from http://ornekwebsite.com/makale. If this website is not under your control and is using your image without your permission, this is an example of hotlinking.

What are Hotlink Prevention Methods?

There are various methods to prevent hotlinking:

Blocking with .htaccess File: The .htaccess file, used in Apache servers, is one of the most common methods for preventing hotlinking. Through this file, you can block access to specific referers.
Blocking with Server Configuration: Hotlinking can also be blocked through the configuration files of web servers such as Apache or Nginx (e.g., httpd.conf or nginx.conf).
Blocking with CDN (Content Delivery Network): CDN providers offer additional security features such as hotlink protection. By using a CDN, you can distribute your content more securely and prevent hotlinking.
Blocking with Programming Languages: Using programming languages such as PHP, Python, or similar, you can perform server-side referer control and block requests from specific sites.
"Image Cannot Be Stolen" JavaScript Codes: This method attempts to prevent right-clicking or dragging of images. However, this method can be easily bypassed and is not a definitive solution.
Adding Watermark: By adding watermarks to your images, you can maintain your brand awareness even in unauthorized uses.

How to Prevent Hotlinking with .htaccess File? (Step-by-Step Instructions)

Preventing hotlinking with the .htaccess file is one of the simplest and most effective methods. Here's how to do it step by step:

Creating or Editing the .htaccess File: Create a .htaccess file in the root directory of your website (if it doesn't exist) or edit the existing .htaccess file.
Adding the Necessary Codes: Add the following codes to the .htaccess file:


RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite\.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google\.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F,L]

Explanations:
- RewriteEngine On: Enables the rewrite engine.
- RewriteCond %{HTTP_REFERER} !^$ [NC]: Checks that the Referer header is not empty.
- RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite\.com [NC]: Checks and allows requests coming from your website. Replace yourwebsite\.com with your own website address.
- RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google\.com [NC]: Checks and allows requests coming from Google (so that Googlebot can index your images). You can remove this line if you wish.
- RewriteRule \.(jpg|jpeg|png|gif)$ - [F,L]: Prevents files with .jpg, .jpeg, .png, and .gif extensions from being called from other sites. [F] returns a forbidden error, and [L] ensures that the rule is terminated.
Saving and Uploading the File: Save the .htaccess file and upload it to the root directory of your website.
Testing: Test whether hotlinking is blocked by directly linking to your images from another website (for example, in an HTML page like <img src="http://yourwebsite.com/images/cat.jpg">). An error message or a blank image should appear instead of the image.

Important Note: Because the .htaccess file affects your server's configuration, an incorrect configuration may cause your website to not work. Therefore, it is recommended to back up the .htaccess file before making any changes.

How to Provide Hotlink Protection with a CDN (Content Delivery Network)?

CDNs are networks of geographically distributed servers. By caching your content on these servers, they improve your website's performance and provide your users with a faster experience. In addition, most CDN providers offer additional security features such as hotlink protection.

Choosing a CDN Provider: Choose one of the popular CDN providers such as Cloudflare, Akamai, Amazon CloudFront.
Integrating Your Website with the CDN: Integrate your website with the CDN according to the CDN provider's instructions. This usually requires you to change your DNS settings.
Enabling Hotlink Protection: In the CDN control panel, there should be an option such as hotlink protection or referer control. Enable this option and specify the allowed websites (e.g., your own website).
Customization: Some CDNs offer more advanced customization options for hotlink protection. For example, you can display a custom error page for blocked requests or protect specific file types.

Example: To enable hotlink protection in Cloudflare, you can follow these steps:

Log in to your Cloudflare account.
Select your website.
Go to the "Security" tab.
Set the "Hotlink Protection" option to "On".

Hotlink Blocking with Programming Languages (PHP Example)

You can also block hotlinking by using programming languages on the server side. Here's a simple example with PHP:


<?php
$allowed_referers = array(
    'yourwebsite.com',
    'www.yourwebsite.com'
);

$referer = $_SERVER['HTTP_REFERER'];

$allowed = false;
foreach ($allowed_referers as $allowed_referer) {
    if (strpos($referer, $allowed_referer) !== false) {
        $allowed = true;
        break;
    }
}

if (!$allowed) {
    header('HTTP/1.1 403 Forbidden');
    echo "Access Denied.";
    exit;
}

// Show the image file
$image_path = 'images/cat.jpg';
header('Content-Type: image/jpeg');
readfile($image_path);
?>

This code checks the HTTP_REFERER header and only displays the image for requests coming from allowed websites. It returns a 403 Forbidden error for unauthorized requests.

Comparison of Hotlink Blocking Methods

Method	Advantages	Disadvantages	Implementation Difficulty	Effectiveness
Blocking with .htaccess	Simple, fast, supported by most hosting providers.	Only works on Apache servers, incorrect configuration can break the website.	Easy	High
Blocking with Server Configuration	More advanced control, more efficient use of server resources.	More complex, requires server management knowledge.	Medium	High
Blocking with CDN	High performance, additional security features, global distribution.	Can be costly, requires CDN integration.	Medium	Very High
Blocking with Programming Languages	Flexibility, customization, dynamic referer control.	Requires programming knowledge, can consume server resources.	Medium	High
"Image Cannot Be Stolen" JavaScript Codes	Simple, quick setup.	Easily bypassed, can negatively affect user experience.	Easy	Low

Hotlink Blocking Strategies: Real-Life Examples and Case Studies

Case Study 1: E-Commerce Site

A large e-commerce site noticed that product images were being used without permission on other websites (especially competitor sites). This situation was consuming the site's bandwidth and negatively affecting SEO performance. The site decided to block hotlinking with the .htaccess file. However, to avoid preventing Googlebot from indexing product images, they added a rule allowing requests from Google. In addition, they distributed their content faster using a CDN and provided an extra layer of security thanks to hotlink protection. As a result, the site reduced bandwidth costs and improved SEO performance.

Case Study 2: Blogger

A blogger noticed that their original images were being used without permission on other blogs and social media platforms. The author decided to add watermarks to their images. In this way, they maintained brand awareness even in unauthorized uses. They also blocked hotlinking with the .htaccess file and regularly checked where their images were being used using visual search engines. In this way, they detected unauthorized uses and initiated the necessary legal procedures.

Real Life Example: News Site

A news site detected that news images were being used without permission on other news sites and social media platforms. The site activated hotlink protection using a CDN and displayed a special error page for requests from unauthorized sites. They also added copyright information to their images and regularly monitored unauthorized uses. In this way, the site both reduced bandwidth costs and protected its copyrights.

Things to Consider When Blocking Hotlinking

Don't Block Googlebot: To avoid preventing search engines (especially Googlebot) from indexing your images, you must allow requests from Google in the .htaccess file or CDN settings.
Identify Allowed Sites: If you want to allow certain websites (for example, your business partners) to access your content, add these sites to the list of allowed sites in the .htaccess file or CDN settings.
Customize Error Pages: By customizing the error pages to be displayed when hotlinking is blocked, you can give your users a more informative message.
Check Regularly: Regularly check that your hotlink blocking methods are working properly and use visual search engines to detect new unauthorized uses.
Protect Your Legal Rights: Do not hesitate to use your legal rights when you encounter unauthorized uses. In case of copyright infringement, you can send a warning letter or file a lawsuit.

Conclusion

Hotlinking is a serious problem that can consume your website's resources and negatively impact its performance. However, you can prevent hotlinking and protect your website with the methods mentioned in this article. By using the .htaccess file, CDN, programming languages, and other methods, you can prevent unauthorized use of your content and reduce your server costs. Remember, it is also important to check regularly and protect your legal rights.