What is hot linking? How do I enable and disable hotlink protection?

Hot link protection prevents other websites from directly linking to files and pictures on your website. Other sites will only be able to link to file types that you don't specify.

An example of hot linking. Say I like the image on your website, and I want that image on my site. If I use the full URL of your image on my site, then the image is downloading from your site every time someone looks at my site. This means I am using your bandwidth for the image. When you enable Hot Link Protection, then I cannot steal your bandwidth anymore.

To enable / disable hot link protection, please do the following:
  1. Login to cPanel and click HotLink Protection.
  2. Make sure the domain name you wish to protect is in the box called "URLs to allow access".
  3. In the box called "Block direct access for these extensions", provide the extensions for which you would like to block.
  4. We suggest you check the box for "Allow direct requests".
  5. Skip the "Redirect request to this URL" box and hit Submit.

You have now protected your images from being hot-linked. Just be sure that all of your additional domains are in the Hot Link list.

WARNING: If your images stop working, you may need to check your HTML source code for a common problem. Some website designers (or programs) may decide to use absolute path names for your images. That means, instead of a relative path like "/images/pic.jpg", it will use the entire URL like "http://www.domain.com/images/pic.jpg". You must have that exact protocol and domain name listed in your allowed URLs ("URLs to allow access"). If there is any slight difference in the protocol (http://) or in the domain name (domain.com/) between the allowed list and the HTML source code, then your images will be blocked.

Note: Some firewalls (such as Symantec's Norton Internet Securityâ„¢ and ZoneAlarmâ„¢) will block a special referrer variable in order to add more privacy for the user. HotLink protection works with this variable to tell where the request is coming from. As such, HotLink isn't the best solution to avoid bandwidth theft as it will eventually block legitimate requests from visitors using one of those firewalls. Unfortunately this issue is not under our control and there's nothing we can do to prevent it from blocking legitimate visitors. Use it at your own risk.

Article Comments

Why when I turn on "hot linking", why do I no longer see the images on my page?

You will no longer see your images because when you enable hot link protection, then you must add every domain name to the allowed list.


If you have domain.com and addon.com and sub.domain.com, then you must be sure to add every possible domain name that will be typed to reach those.

URLs to allow access:

How about with the search engines like yahoo, bing, google.uk. ca. au. cn and more. whether we have to input one by one? I am using. htaccess whether it be effective?

If the search engine or other site is linking to or displaying your site, all the images will work.

If the search engine or other site is linking to your images using your domain name, the images will work.

If the search engine or other site is trying to display your images without displaying your site, the images will NOT work.

why is it that when I update the hotlink protection, it gives me an error:

Apache detected an error in the Rewrite config.httpd: Syntax error on line 13 of /home/dianaroz/public_html/.htaccess.XbcH7mvjaLskUHuc96uFH7fBhRqoReYV: RewriteCond without matching RewriteCond sectionPlease try again.

but the protection does work..

This can happen whenever cPanel is writing to your .htaccess file (necessary for many cPanel tools like password protect directories, redirects, index manager, hotlink protection, etc.)

The problem is that you have existing code already in the file. When cPanel tries to add more, sometimes it erroneously combines the new code on a line with an existing code. This will cause the error you see, and has unpredictable outcomes on your web site. Often, you will see no side effects, but trust me that part of the old and part of the new code may be broken. (It just depends what kinds of code were merged, and if those parts are normally used.)

I have a possible solution for the problem of referer-blocking by some firewalls. Maybe you can use it to improve your hotlink protection:
In most cases images are embedded in html-files. So a simple solution would be to just block requests for images when the IP the request comes from did not request a html-page (or .php or similar) before.
Of course this solution is not perfect. But it could be a useful addon to your present hotlink protection in case no referer is submitted.

Antonio Oliveira
Can I possibly enable hot link protection for only one of my domains?

Using the cPanel tool, no. This feature affects the entire cPanel and all addon and subdomains.

However, you may be able to affect only one domain by copying the resulting .htaccess code and modifying it. (Customizing code is a web design aspect, and is not a task HostGator can support.)

I just opened a hostgator account and uploaded my site yesterday.

It appears to me that hotlink protection is disabled by default for a new hosting account, meaning that the new account holder is exposed to bandwidth theft.

Is this correct, or am I mis-interpreting the hotlink protection page?

Hotlink protection is off by default. Since it can affect your web design, it is up to your web designer to make the decision to turn it on.

Bandwidth theft is not a huge concern, and is even acceptable in small amounts or with the website owner's permission.

Hi, what should i do to hotlink zip an rar files... Because I tried using Cpanel, but don't work

Add those extensions as explained in step 3. You may have to clear your browser cache and history, then restart your browser before you notice any changes.

If that doesn't work, you can always edit the .htaccess file and modify the code to include those file types.

Does cpanel have some report that shows me what websites are hotlinking? I don't want to disable it but I do want to monitor the activity to ensure it isn't being abused.

Almost any web statistics program can determine this for you. I suggest using AWstats and the ExtraSection feature listed in your awstats config file.

Enabling the "Hotlinking pages" module is easy as following this documentation:

I don't see anything in the awstats docs about hotlinking. Also, where is the config file located?

You are looking for hits on your image where the referrer is not your domain. However, it will be easier once you add the ExtraSection.

The configuration file is in your home directory (above public_html). The path is

Your comments help us keep the knowledge base updated. This is not a medium for support. If you have questions or need help, please contact us via email, phone or live chat for fast assistance.

Post Comment