Enable hotlink protection
Open the hotlink protection settings
Log in to cPanel through your client area or at
yourdomain.com/cpanel. Go to Security > Hotlink Protection.Add allowed URLs
In the URLs to allow access field, add any domains that should be permitted to link to your files. Your own domain is usually pre-filled, but check that it’s listed. Include variations like
www.yourdomain.com and yourdomain.com.If you use a CDN or a subdomain that serves content, add those too.Specify protected file types
In the Block direct access for the following extensions field, enter the file extensions you want to protect, separated by commas. Common choices:
jpg,jpeg,gif,png,webp,svg,bmpConfigure optional settings
- Allow direct requests — select this if you want people to access files by typing the URL directly into their browser. If unchecked, direct URL access is also blocked.
- Redirect the request to the following URL — enter a URL here to redirect hotlink attempts to a specific page (for example, your homepage or a “hotlinking not allowed” notice).
Disable hotlink protection
In the Hotlink Protection interface, click Disable.Things to keep in mind
- Always include your own domain (with and without
www) in the allowed URLs list. If you don’t, your own site won’t be able to display its own files. - If you use webmail or access cPanel at your domain, include those URLs as well (e.g.
yourdomain.com:2083). - Hotlink protection works by checking the HTTP referer header. Some browsers, privacy tools, and VPNs strip this header, which can cause false blocks.
- If your site uses a CDN, add the CDN’s domain to the allowed list so it can pull files from your origin server.