WP Toolkit image hotlink protection

WP Toolkit includes an optional hotlink protection feature for WordPress sites. It is disabled by default, but you can enable and adjust it at any time in cPanel.

What hotlink protection does

When hotlink protection is enabled, your server checks where each image request comes from.

• If an image is requested from your own website, it loads normally.
• If an image is requested from another website, the request can be blocked or replaced with a placeholder image.

This prevents third-party sites from embedding your images directly and consuming your bandwidth. In short, hotlink protection stops other sites borrowing your hosted images without permission.

Why you might want to enable it

Hotlink protection can be useful if:

• Your images are being embedded on other websites without your consent.
• You have seen unexpected bandwidth spikes caused by external sites linking to your images.
• You run a content-heavy site (for example, galleries, posters, or downloads) and want to reduce leeching.
• You want to discourage image scraping or reposting.

For most sites it is an optional bandwidth safeguard rather than a requirement.

What it does not affect

Hotlink protection only applies to requests that appear to come from external websites. It will not interfere with:

• Normal visitors browsing your site.
• Images loading within your WordPress pages.
• Search engines that do not send an external referrer (in most cases).
• Domains you explicitly allow.

If configured correctly, your site will still display images normally for your audience.

How WP Toolkit applies hotlink protection

WP Toolkit applies hotlink rules at the server level rather than by modifying files inside your WordPress installation. That means:

• You may not see any hotlink rules in your WordPress .htaccess file.
• The settings live inside WP Toolkit and are enforced by the server.

This is normal behaviour and keeps your WordPress files clean.

How to enable, disable, or adjust hotlink protection

1. Log in to cPanel.
2. Open WP Toolkit by clicking WordPress Management.
3. Find your WordPress site and open its management panel.
4. Locate Hotlink Protection.

From here you can:

• Enable hotlink protection.
• Disable hotlink protection.
• Whitelist domains that are allowed to fetch your images.

Whitelisting trusted external domains

If you enable hotlink protection, you may want to allow certain external services to display your images. Common examples include:

• Social platforms and link-preview tools.
• Marketing scheduling tools.
• Partner websites.
• Your other domains.

Click the configuration icon next to Hotlink Protection in WP Toolkit to add domains to the whitelist. Whitelisted domains can load your images normally while all other external sites are blocked.

If you see a hotlink placeholder when sharing

Some sharing tools and social platforms fetch images using their own domain as the referrer. If that domain is not on your whitelist, they may display a placeholder image with a warning that the image was hotlinked.

If this happens only when sharing, it usually means hotlink protection is enabled and the platform's domain is not on your whitelist.

What to do

You have two options:

• Whitelist the platform - add the platform's domain in the WP Toolkit hotlink settings. Common examples include Buffer, LinkedIn, Microsoft SharePoint, and similar preview tools.
• Disable hotlink protection - if social sharing and previews are central to your site and you do not need hotlink blocking, turning it off is the simplest fix.

After making any change, clear your WordPress cache (if you use one) and try sharing again.