Why Hotlinking is Bad
Hotlinking is a serious problem for many Joomla sites, especially those that contain a lot of images, also inside articles. It is a bad practice because:
- It steals your hosting bandwidth (account resources) and costs site owner's money
- It may also impact your site’s performance
- It is unethical and in most cases illegal, unless explicit permission granted
- It can be used as a common cyber-attack aimed at exhausting the bandwidth of the targeted website
Hopefully, you can use a few methods to prevent this issue. Blocking content from hotlinking won’t hurt your site SEO, but it does need to be set up correctly.
How do I Know if Someone is Hotlinking to My Site?
The best place to check for hotlinking would be your web host's web stats page. Have you noticed there any weird huge bandwidth (not traffic) in the last days, weeks? If so, this should be an indication that someone is stealing your content.
The second method is based on the Google image search tool. All you have to do is type in url:domian.com -site:domain.com in the search area.
Replace domain.com with your real domain name. This will show you all images which are hosted on your site but also present on other ones. But to be 100% sure you have to make an investigation and check several image links because Google shows different results.
How to Prevent Hotlinking in Joomla
Whether any of your website media resources have been hotlinked or not, you can take preventive measures at any time. Hotlink protection can be a valuable way that may keep your content and hosting account safe. Unfortunately, but Joomla does not have built-in options that could protect against hotlinking, so use one of the options below.
cPanel - Hotlink Protection Option
If you use cPanel, you can find the Hotlink Protection feature in its Security section. Open and configure it to utilize the facility.
To block direct access to files of specific types, add those file extensions to the Block direct access for the following extensions text box. For example, to block all .jpg images, add .jpg to the Block direct access for the following extensions text box.
You can configure Hotlink Protection to give access to the URLs which you want. Those URLs can link to your files directly. Additionally, you may redirect all requests that will be blocked to a specific URL, for example, with a warning image.
Enable Hotlink Protection on Apache
If your Joomla site is running on Apache server, all you need to do is open the .htaccess file in your site’s root directory (or rename it) and add the following lines after RewriteEngine On:
RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yoursite.com [NC] RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC] RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC] RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com [NC] RewriteRule \.(jpg|jpeg|png|gif|svg|mp4|mp3|pdf)$ - [NC,F,L]
A brief explanation of the used rules:
- The 1st line allows blank referrers. You will most likely want to enable this as some visitors use a firewall or antivirus program that deletes the page referrer information sent by the web browser. If you don’t allow blank referrers, you could disable all of your images for those users.
- The 2nd line defines the allowed referrer, the site that is allowed to link to the image directly, this should be your website (replace yoursite.com above with your real domain).
- Lines 3-5 add search engines to the allowed list because you don’t want to block crawlers such as Google, Yahoo and Bing bots. This could prevent your images from showing and indexing in Google image search. You can add there your native search website like baidu.com etc.
- And the last line defines the file extension you decided to protect.
The following code will produce a 403 Forbidden error instead of the requested image, pdf or video unless the file is requested from yoursite.com.
If you want to you can serve alternate content when hotlinking is detected. To generate some more complex rules, take a look at this htaccess hotlink protection generator.
Prevent Image Hotlinking in NGINX Server
Copy the code snippet below and paste it on your NGINX config file.
location ~ .(gif|png|jpeg|jpg|svg)$ { valid_referers none blocked ~.google. ~.bing. ~.yahoo. yoursite.com *.yoursite.com; if ($invalid_referer) { return 403; } }
*yoursite.com - must be replaced with your real domain name.
If you use any other webserver, please check their documentation.
Conclusion
Hotlinking is a harmful practice that might cause several problems such as bandwidth and asset theft. Preventing hotlinking is an easy task, and you don't need any Joomla plugin. So there is no reason to postpone this task. Please share your ideas with us in the comments section. And stay with us for more useful tips & tricks!
