Hotlinking is what’s happening when someone links to resources such as images, video, or audio files you host without your permission. It’s equivalent to someone using your utilities by plugging into your electrical outlets and then running up the bill, which you then have to pay. Even if your web host is selling you unlimited bandwidth, it still has consequences. First of all, the bandwidth (and storage or anything else unlimited they’re selling you) is never unlimited. If you’re hosting a lot of images or audio, and other people are linking to those files, your host is serving them every time someone else clicks on links from other websites, or every time someone else visits those websites that are using your images.
If your bandwidth usage is going through the roof, or even if your bandwidth usage seems out of the ordinary, your web host will do one of two things: Politely upsell you to get you to buy a more robust hosting package or shut you down.
It’s not a pleasant spot to be in when you either have to spend more money to deal with the hotlinking plague, or move hosts. But there are ways to protect yourself.
Stop Hotlinking with .htaccess
If you google hotlink protection, you’re going to find a ton of resources. This can become very confusing very fast if you’re new at this and you don’t know what to look for. it’s also mind-numbing if you do. Fortunately, there’s a very thorough resource with code examples you can use. I recommend you read the whole article, and so I’m not going to post any shortcuts. It will give you an understanding of what you’re doing when you choose to copy and paste the relevant code into your .htaccess file. I will tell you, however, that the file you need to be adding the code to goes in the root of your website. This is probably the most comprehensive strategy I’ve found and I use it myself. This strategy will work on any web host that gives you FTP access. So free hosts are likely out. Also, this only works on hosts running Apache, which is most of them.
Hotlink Protection Using Nginx
Since Nginx doesn’t use .htaccess files, you have to go about protecting against hotlinking differently. One method of protection is to add a location directive to your Nginx configuration file. Here are some example directives.
Depending on your setup, either of these methods will save you a lot of trouble in the long run. And if you’re thinking of taking a shortcut by linking to someone else’s files without permission, please consider doing something else like hosting any images or audio or video you intend to use on your own hosting account.
A word about embeds
Of course, if you’re embedding a video from Youtube or somewhere similar, you have permission. Services such as Youtube or Instagram or AudioBoom or anyone that offers embed code does so specifically to allow people to embed content on their websites. They also bear the costs of the bandwidth. Hotlinking is only a problem when you find websites that don’t offer embed codes or otherwise give permission to link to their files, and you link without asking first. So don’t worry about using your favorite Youtube video. And if there’s an image you want to use, contact the site’s author and ask. Odds are they will probably not host the image for you, but they will freely allow you to download it and use it on your site as long as there’s no copyright involved.