How can I prevent image hotlinking on my e-commerce site?

Does Shopify offer a simple way to stop image hotlinking? Or do I need to create an htaccess file.

No. I had a post that was “How to prevent image hotlinking on shopify” that was out there for years, now they have just deleted it. The only answer they would give is pay a 3rd party plugin/app that doesn’t actually fix the problem. They dont care. It is a pretty easy server side fix.

You got anything on this?
Seems to be a very widespread issue

Did you find any solution?

Hi @Mdre20

Thank you for adding your feedback to this thread. While I have shared the desire for this function to be a built in feature with our developers, it is not something we directly support at this time.

There are third party apps and tools you can use to prevent hotlinking of your content in the app store, you can take a look at some of those here: Shopify App Store - Prevent Right Click.

@Shay right click is not the issue and never is because you cannot actually block right click, you can only give the illusion of no right click to people. Sites that have right click “disabled” literally slow me down by 2 seconds before I click a button that blocks the “disable” script. Bots don’t load these scripts and all they are doing is grabbing the link url, not downloading the image anyway. Hot linking is a server side issue. What you are saying is that the only actual “fix” is to host ALL IMAGES ON SOMEONE ELSE’S SERVER. FIX IT SHOPIFY.

OMG Shopify is begging us to leave this site. My website is under attack from scammer sites hotlinking my images and redirecting to sites that use further hotlinks to ostensibly sell counterfeits of my work, and Google is happy to serve up these thieving scammers to about 10% of my search results. WHAT THE HECK??? Shopify and Google couldn’t care less about us or our customers.

I have to do something, and I really don’t want to take the time to move to wordpress, that would be weeks of unpaid work. Has anyone moved their images to another server in order to combat this problem? If so, how do we allow Google access to our images, but not let them get served up by scammers via hotlinking? The problem is becoming an epidemic.

The only way this simple problem will be fixed is if we call and complain weekly or more frequently. It is a joke how they even allow this. Other systems literally have a checkbox to disable image hotlinking.

Thanks for answering Steve. I’m so disappointed in Shopify, leaving us hang out to dry like this.

Not a right click issue. This problem is out of control. 97% of my images are being used for backlinks. According to Semrush my domain is TOXIC with over 57.8K backlinks. I can disavow with Google, but it’ll take an eternity for them to actually do that, and in the meantime I already received 106 new ones just today and counting. Shopify needs to do something about this, and fast. No images show up anymore in Google organically, it was the way customers found my website/store organically. Now all the images are gone because the website has more than likely been penalized, and the few that are still out there have links to them - but not to my store.

And why can we only upload a .CSV file and not a jpeg or png to show what’s going on?

Gosh I’m so sorry to hear that this awful hotlinking disaster is ruining your business. It’s all one group of criminals doing it, you can see similar patterns in the URLs of the bogus pages placed on legitimate websites that get redirected to the scammer sites. Google favors these scammers in search results for some unfathomable reason. Once you click on an images search result that is a scammer hotlinking site, a dozen more appear beneath it, all manner of domains. Honestly right now it feels as if the world is conspiring to make the criminals win and honest people lose. I’m so discouraged. So disappointed in Shopify for not providing hotlink disable, such an important security tool. And in Google for promoting the criminal sites in search results so that when our hard-won buyers search for our websites, they get our images alright, but they link to scammer sites. And we can’t have them removed from search because we would be reporting our own hotlinked images. Every day it gets worse. I wish I’d never come here. It’s a pretty effective racket going on.

I’m preparing to move all my images off Shopify because of this unbelievable absence of support on what has become an important security issue. Any suggestions? Cloudflare? Amazon S3? Or move the whole site to Wordpress?

Im also having this issue. Sounds like the solution on any other site would be quite simple, but since we are using Shopify CDN we cannot access the .htacess file and turn on Cloudflare’s hotlink protection. Shopify needs to address this.

I haven’t found a way to stop them, but they are using my IP to drive traffic to their websites through my images. I’ve been reporting this to Google, but the situation seems to be getting worse. In fact, Google has even removed some of my images in the process. They are killing my store. Is this only happening to Shopify or is it the same with other platforms?

I ended up adding this App:
“Disable Mouse Right-Click”
And I think it’s helped. There is no image url now anymore for them to use
with this App. It’s free, so I’d give it a try.

These people are highly skilled and would find a way around that. It’s simple - you just need to inspect the image page, and the URL is located there. Right-clicking is just a shortcut and would only stop someone who doesn’t have coding skills. I mean the ones I am trying to stop. The first domain name is a decoy and doesn’t send you to their site; they hotlink it to another one after you click on the image. I don’t even know how they’re doing it because it is completely against Google’s policy. They are somehow changing the metadata where it shows my information to get the traffic and then they redirect it under the false domain that a bot generates. It’s beyond my skills to track! But this has really hurt my store and in the end, if it doesn’t get fixed, I will have to shut down, and that is a total loss to Shopify because I am not the only one being affected by this. I have seen thousands complaining about it and having a really hard time even trying to explain what is happening or what they are seeing. I know I have even messed up just in this post because I am not skilled enough to explain it properly on the coding side of what they are doing. And if you run ads while this is happening none of the traffic will go to your site and I think that is their end goal here by using Shopify stores.

It is still not a right click issue. It is a server side issue. The proper fix is a .htaccess line of code that blocks the hot linking. Shopify does not care. We are looking to move all our sites off shopify. All of these easy to fix problems are going on ignored.

Even if it was a right click issue, the right click block can be disabled in a matter of seconds. It only stops the most computer illiterate people.

Did you manage to fine a solution, we are having a problem with this on our website. Thanks

Hi Amanda,

The problem has dramatically lessened on Google search results. I did start reporting the listings on the bogus ecommerce pages that were redirected to by the legit pages on real websites that seemed to have been hacked and had pages added to them with keywords and copy lifted from the website that was being victimized. There are still some google search results from this enormous scam that was going on, but much much less now, thank God. Geez I’d have to do an infographic to explain what they were doing, it was so convoluted. One thing helped a lot was renaming my image files, and shopify does not make it easy. I spent a lot of time to find apps that would simplify that process but there were no free ones, and I eventually decided that it was just as easy to do it myself.

So the process of renaming image files is to copy the URL of the image that is being infringed (minus everything in the URL before the https://www.your-website.com/cdn/shop/files, everything after is called the Handle), then go to Content>Files, and search for the Handle. You can’t reach the Content>Files page from the product page, so have it open in two tabs on your browser. Download the image from your product page, and then delete the image from the Content>Files page. You can play around with what is easiest for you between these two pages. It’s best to have both pages open in two tabs because you can lose track of where that image needs to be. Then rename the image in your computer’s files, and upload it again to your product page with it’s new file name (and try to remember to add back your alt-text). It will then be automatically added to your Content>Files with it’s new file (handle) name. The old/deleted image file URL will now show an error message. I always keep the infringed image URL open during this procedure so I can test it by refreshing the page.

I know it sounds complicated, but this is the easiest method I’ve found to rename image files on Shopify, and I am no computer expert. Once you get used to it, with three tabs open, it’s actually easy (one for the product page, one for the Content>Files page, and one for the live URL of the image you are removing from the hacker’s bogus infringement site).

I should REALLY do a blog post for DMCA takedown procedures, and for image renaming on Shopify.

Wishing you the best. I don’t expect that criminal activity will lessen with all that is happening in the world today, but there are still some measures that work for us small creative people who just want to get paid from our efforts.

Best,

Sally