How to Enable Hotlink Protection in cPanel
Hotlinking occurs when another website directly links to files (images, videos, PDFs) hosted on your server, using your bandwidth without your permission. Enabling Hotlink Protection in cPanel prevents this and saves your hosting resources.
Steps to Enable Hotlink Protection
- Login to cPanel.
- Under the Security section, click Hotlink Protection.
- Click Enable.
- Configure the settings:
- URLs to Allow Access: Add your own domain and any trusted domains (e.g.,
https://yourdomain.com,https://www.yourdomain.com). - Block direct access for the following extensions: Add file types to protect (e.g.,
jpg, jpeg, gif, png, bmp, mp4, mp3, pdf). - Redirect the request to: Optionally enter a URL to redirect hotlinked requests to (e.g., a "bandwidth theft" warning image).
- Allow direct requests: Check this to allow files to be opened directly in a browser by a user (not embedded elsewhere).
- URLs to Allow Access: Add your own domain and any trusted domains (e.g.,
- Click Submit.
Hotlink protection is now active. Any external site trying to embed your images or files will be blocked or redirected.
Manual Hotlink Protection via .htaccess
You can also add hotlink protection manually in your .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://(www\.)?yourdomain\.com/ [NC]
RewriteRule \.(jpg|jpeg|png|gif|pdf|mp4)$ - [F,NC]
Tip: Always add your own domain to the allowed list, otherwise your own website may be blocked from displaying its own images.
If you continue to face issues, please open a create a request.
