H
10Corp Premium Hosting

Setting Up Hotlink Protection in cPanel

Last Updated: 2025-01-01 2 min read

Hotlinking occurs when another website embeds your images, videos, or other files by linking directly to them on your server. This means their visitors load content from your hosting account, consuming your bandwidth without your permission. Hotlink protection prevents this by restricting which websites can directly link to your files.

How Hotlinking Affects You

When someone hotlinks to your content:

  • Your bandwidth is consumed by visitors on another site.
  • Your hosting resources are used to serve files for someone else.
  • You may receive overage charges or experience slower performance if bandwidth limits are exceeded.
  • Your content is used without attribution or permission.
  1. Log in to cPanel.
  2. Navigate to the Security section.
  3. Click on Hotlink Protection.
  4. Click Enable to turn on hotlink protection.
  5. Configure the settings:

URLs to Allow Access

Enter the URLs that are allowed to directly link to your files (one per line). You should include:

  • https://yourdomain.com
  • https://www.yourdomain.com
  • http://yourdomain.com
  • http://www.yourdomain.com

You may also want to allow search engines and social media platforms:

  • https://www.google.com
  • https://www.bing.com

Block Direct Access

Check the option Allow direct requests if you want visitors to access files by typing the URL directly in their browser. If unchecked, only requests from allowed URLs will succeed.

File Extensions to Protect

Enter the file extensions you want to protect, separated by commas:

jpg,jpeg,gif,png,bmp,webp,svg,mp4,mp3,pdf

Redirect URL (Optional)

You can specify a URL to redirect blocked hotlink requests to. This could be:

  • A small placeholder image explaining that hotlinking is not allowed
  • Your homepage
  • A 403 error page
  1. Click Submit to save your hotlink protection settings.

How It Works

Hotlink protection works by checking the HTTP Referer header of incoming requests. If a request for a protected file type comes from a domain not on your allowed list, the server blocks or redirects it.

Behind the scenes, cPanel adds rewrite rules to your .htaccess file:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain\.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

Important Notes

  • Email clients and RSS readers may not send a Referer header. Allowing blank referers (enabled by default) prevents breaking images in emails and feeds.
  • Hotlink protection is not foolproof — it relies on the Referer header, which can be spoofed. However, it stops the vast majority of casual hotlinking.
  • If you use a CDN (Content Delivery Network), make sure to add your CDN’s domain to the allowed URLs list.
  • Monitor your bandwidth usage after enabling hotlink protection to see the impact.

Hotlink protection is a simple, effective way to conserve your hosting bandwidth and keep control over how your content is distributed.

Tags: cpanel hosting security hotlink-protection bandwidth

Related Articles

Understanding Bandwidth and Disk Space Setting Up .htaccess File Hosting Security Best Practices
Back to Hosting All Categories

Still need help?

Our support team is available 24/7 to assist you.

Open a Ticket Live Chat