Stop WordPress Content Thieves From Stealing Your Content – And Your Bandwidth

WordPress Thief - Images, Content, Videos, and DownloadsI’m on a lot of marketing email lists, and I actually read a lot of emails. Recently, I received an email from a marketer and began reading the first line of the email. It read, “I didn’t sleep very well last night. No, it wasn’t because of a barking dog, a crying child, or my WordPress website had been hacked.”

I stopped reading cold; those words were familiar – too familiar. Well, they should be. I wrote them. In fact, I wrote them just a few weeks ago for an article right here on wpmu.org. I clicked the link in the newsletter to their website and there was my entire article reproduced on their website – images, wpmu.org ads, and all. I had the byline on the website, but I was still shocked to see that someone else had used my article on their website.

Although that was O.K. with me – as long as they gave wpmu.org the credit for the original publication – it reminded me that there are unscrupulous people that will steal your content without giving you credit for it. Or worse yet, share your paid products without you getting paid for them.

There is very little that I despise more than a thief. It doesn’t matter if they are stealing money, physical items, time, or digital creations. A thief just has no respect for the property of others. When that thief steals your photos, your videos, or your digital downloads, they are not only stealing your product, but your bandwidth. All of that costs you money.

When it comes to the properties that exist on WordPress websites that I’m responsible for, whether they are my websites or my client’s websites, I want to protect that digital property from those who would take it without permission. We will look at several methods to protect each type of WordPress website property. By no means are these ALL the methods available, but they are some of the ones I’ve used for my clients.

Featured Plugin - WordPress Q&A Site Plugin

It's now incredibly easy to start your own Q&A site using nothing more than WordPress - The Q&A plugin simply and brilliantly transforms any site, or page, into a perfect support or Q&A environment.
Find out more

To begin with, let’s look at the different types of content theft that can occur.

Stealing Images On WordPress Websites

WordPress Right Click Image SaveProbably one of the most common thefts that occur on WordPress website is the theft of images. With no protection methods employed, the easiest method to steal someone’s image is to simply right click on the image and choose to download the image. If the image can be left clicked and opened in the browser, then you can save the image by using the right click context menu.

Another method is to simply “hotlink” to an image. In case you don’t know, hotlinking is when you use the actual link to someone else’s image in your own post. Those thieves are so doggone lazy they don’t even bother to download the image and upload it to their own server. If their post is popular, this can chew into your bandwidth.

Stealing Text On WordPress Websites

Another common theft is your written text on your WordPress website. Just as with images, the simplest way to steal that content is to highlight it with the mouse, then either use the right click context menu to copy the content, or just click <CTRL> and <C> on a PC. Once you have it copied to the clipboard, you can paste that content anywhere that you’d like.

iFraming Your WordPress Website

Another method of theft that is not considered theft by many people that I talk to, is someone iFraming your website into their own website. In a way, they are not really “taking” anything, but they are using your content without sending people to your website.

Recently I was building a website for an insurance agency and the owner wanted me to just use the insurance companies’ website proposal software but put it on their website (they wanted me to iFrame the pages in, but they didn’t know to call it that). Several of the companies had placed scripts on their website to block that from happening while others did not.

Regardless, I cautioned them against doing this as it is analogous to stealing.

Recently, two new WordPress plugins have been released around this concept. These plugins iFrame any website you want and then provide an overlay in a lightbox style that can be anything that you want to include – an offer of a free product, a CPA offer, or even a blatant product for sale offer. Although I buy a lot of WordPress plugins – especially if they’re different – I passed on this one as I personally believe that iFraming content (such as a CNN news story) into my own website and then putting my own advertising over it to be unethical at the very least – but analogous to stealing in the worst case.

Stealing Videos On WordPress Websites

If your website content is primarily videos (such as training videos), then it’s actually quite easy for someone to steal that content. Just as with photos above, you can use the right click context menu on many videos and grab the content. If you can’t grab it that way, then there are many extensions available for FireFox and Chrome that will allow you to download videos from a WordPress website.

Stealing Downloads On WordPress Websites

Second only to image theft, this is probably the most notable type of content theft. This can occur in a number of ways; to name a few:

  • Poking around your server’s directory structure to find digital downloads
  • Sharing your download link either directly or on black hat websites
  • Sharing your download package directly or on black hat websites

Featured Plugin - WordPress Facebook Plugin

Would you like to add Facebook comments, registration, 'Like' buttons and autoposting to your WP site? Well, The Ultimate Facebook plugin has got that all covered!
Find out more

What Can Be Done?

My colleague, Sarah Gooding wrote an article here on wpmu.org back in 2010 that shows you how to disable right clicking using a simple jQuery snippet in your header.php file. However, that method is very simple to defeat – just disable Javascript. Plus many people – like me – use the right click menu for a lot of other things, so it only serves to frustrate me further. But, it can definitely prevent some visitors from stealing your content.

All I Need To Protect Is My Copy

WP Control CopyIf all you wish to protect is your copy, then you can install a simple WordPress plugin called WP Control Copy. This plugin has some excellent features that I like, plus, it doesn’t disable the right click menu.

Features I Like

Who Can Copy Text

This allows you to limit the privilege of copying text from your blog to Logged In Users, Everybody – or diable it entirely by choosing ‘Nobody!’ Additionally, regardless of the setting, copying is not prohibited in the back end once you are logged in.

“Added Text”

A really nice feature is that this plugin will allow you to automatically add some crediting text to anything that you allow to be copied. This way, if someone does copy your text, at least you have the possibility that they will not delete the crediting line. Of course, they can always delete it, but at least you’ve made it easy for them to give you credit.

Logged In Users Get Clean Copy

If you allow logged users to copy your text, this option gives you that ability to let them get that copy WITHOUT the “Added Text” if you’ve enabled that option.

Where To Add WP Control Copy

This option allows you to choose where the copy control is enabled. Your options are Everywhere (the entire website), Only Posts (so only your posts are copy protected), Only Posts and Pages (only protects copy on your posts and pages), or Specific Post/Page ID’s (which allows you to enter the ID numbers of any pages or post that you want to copy protect).

Display Alerts

This gives you the capability to display an alert window (with text that you can customize) for three different situations:

  • When the copy fails (either the user is not logged in or you have copy completely disabled)
  • When the copy succeeds (regardless of what type of copy is allowed)
  • When either of the above conditions occur (it displays a message for a fail or a succeed)
  • Never (this just doesn’t display a message for any reason – my least preferred method)

As I stated to begin with, if you only objective is to protect your copy, then this is an almost perfect plugin.

But I Need To Protect Images

No problem. Simply install another plugin called No Right Click Images Plugin.

WordPress Right Click Image Download Substitute ImageOnce you’ve installed and activated the plugin, you have to configure it so that it works like you want it to. The first option is to choose whether you want to “Replace the image on right mouse click”. When this option is activated, if someone right clicks on your image, they don’t get your image, but instead get the image to the right of this paragraph. This is especially useful for visitors using FireFox as they can disable most right click prevention methods.

The next option is Prevent Drag and Drop. Users may be able to drag images to their desktop and drop them there. This option prevents them from doing just that.

The final option is Allow For Logged Users. If checked, this allows logged in users to actually be able to use the right click menu to download images. This can be handy for the WordPress website owner or administrator to pull images down to use on another website without having to go to an FTP program.

Featured Plugin - WordPress Newsletter Plugin

Now there's no need to pay for a third party service to sign up, manage and send beautiful email newsletters to your subscriber base - this plugin has got the lot.
Find out more

I’d Like To Watermark My Images

Several of my photographer clients add watermarks to photos that they place on their website. Since they’re already using PhotoShop to edit the photos, they usually use a PhotoShop Action to quickly add their custom watermark to every photo that they release.

However, if you are not using PhotoShop, you can install the Transparent Image Watermark plugin on your WordPress website.

Once you’ve installed and activated the plugin, you can visit the settings page to choose the image sizes you want to include a watermark on from the thumbnail all the way up to the Full Size images. You can choose any size or sizes that you want to include, not just a size and all smaller sizes. When using the FREE version, your watermark must be an image file in the PNG format, so you’ll want to choose wisely. Finally, you can choose the percentage of the image width that you want to cover with the watermark.

If you want more capabilities, you will need to upgrade to the Ultra version of the plugin currently priced at $30. If you are putting this on client websites, you will need the developer version currently priced at $100.

But What About My Existing Images

The Transparent Image Watermark Plugin doesn’t watermark existing images on your WordPress website. For those images, you’ll need to install the Bulk Watermark plugin. Once you’ve installed that plugin, you can watermark previously uploaded images (JPG only – no PNG images) with either a text or image watermark.

The really nice thing is that you can choose a specific folder of images to watermark so you don’t have to watermark every image on your website. Considering that you can watermark an image with EITHER text or images, if you don’t mind a few extra steps, use this plugin after you’ve uploaded the images rather than the previous Transparent Image Watermark plugin mentioned above. However, keep in mind that it does take a few extra steps.

Add A Watermark To Any Hotlinked Images

If someone is hotlinking your images – and believe me they will – then you might as well get some value for that use of your images and your bandwidth. Here’s a really nice little plugin that can help you with that; it’s called Hotlink2Watermark.

What does it do?

Anytime someone hotlinks one of your images, it automatically puts a watermark of your choosing on the image. You have the option to either display an image as the watermark or display some custom text that you input into the settings menu. There’s also a setting to determine the opacity of the watermark so you can take it anywhere from “0″ (invisible) to “100″ (opaque). Finally, you can determine where to place the watermark from nine different positions.
Hotlink2Watermark WordPress Plugin
How would you like to know whenever someone uses your images by hotlinking? Oh, well, there’s a setting for that as well. Check the box for “Save the referrers” and it will add any hotlinked images and the website hotlinking to them into a CSV file labeled referer.csv. You can open that file and see any website that is displaying your images. Not only is this helpful to find offenders, but it can help you with the .htaccess rules changes so that you can allow your images to be shared on websites that you want without the watermark (such as Facebook, Google+, etc.).

Featured Plugin - WordPress Appointments Plugin

Take, set and manage appointments and client bookings without having to leave WordPress. Appointments+ makes it easy.
Find out more

How Can I Stop Someone Who Is iFraming My Website

This is actually the easiest to thwart. You can add some simple code to your website OR use a very simple plugin. While there are several in the WordPress Repository, there’s only one at the moment that is compatible to the latest version of WordPress. Break Out of Frames is a very simple plugin that doesn’t prevent someone from iFraming your website. Instead, when a visitor is taken to the offenders website with your iFramed content, your website is actually “broken out” of their website and displayed separately – actually bringing your website visitors. It does this by allowing the iFrame to begin loading on their website, then it forces a refresh of the page taking them directly to your website.

Think this is not important?

Do you use Adsense on your websites? If so, it’s a violation of Google’s Adsense TOS to serve your ads in an iFrame, so if you do not prevent this behavior, your Adsense account could become banned through no fault of your own – other than you didn’t prevent iFrames of your website.

O.K. What About My Videos And Downloadables

WordPress Thief - Image, Content, Video, and DownloadsWe’ve covered how to protect your text and your images, but your videos require a little more work. If you put your videos on YouTube, with a little effort they can be downloaded and used anywhere. Plus, people can embed them in their own websites by grabbing the embed code.

For my websites and my client’s websites, I load all my videos (and any downloadable content) to a bucket in AmazonS3. However, in order for people to be able to access them, you must make the links (and therefore the files) public. To combat that, I use a premium plugin that basically locks up the videos and downloads.

That plugin is the WordPress AmazonS3 Video Streaming & Download Protection Plugin. The cost is $17 for a developers version that you can use on your own and client websites.

Using this plugin you can provide time expiring links to audio, video, and downloads. Additionally, you can prevent people from sharing your download links through email and other websites – if they do share the link, the person they share it with will get an error message and your content will be safely preserved.

Installation of the plugin is very simple and straight forward. It can be installed either through the WordPress dashboard or via FTP. Once activated, the setup is a little bit tedious, but the developer has provided a series of tutorials that will walk the user step by step through each part of the process. Don’t be like me and think, “Oh, I can do this.” It cost me several hours because I didn’t got through the setup as it was defined and I missed a very specific point which caused my first download attempt NOT to work.

Additionally, you will need to download the FREE version of Cloudberry software to make your life so much easier. Sure, you can do all the AmazonS3 setup yourself if you want to spend some time learning the specifics, but the Cloudberry package makes it so much easier. Why not just take the easy way and get busy doing other things?

Featured Plugin - WordPress Google Maps Plugin

Simply insert google maps into posts, sidebars and pages - show directions, streetview, provide image overlays and do it all from a simple button and comprehensive widget.
Find out more

Why Install Different Plugins? Isn’t There One That Will Do It All

At this point, you’re probably thinking, “Why not just install a single plugin to do it all?” That is a possibility by using one of the following:

CopyRightPro
WP Content Copy Protection

However, I guess I’m somewhat of a control freak and I like to maintain as much control as possible so I can configure things the way I want them. When I’ve reviewed combo plugins, I’ve found that they either did not do as much as I wanted, did more than I wanted, or there was still a key piece that I didn’t like the results of. Occasionally, I find a combo plugin that does it all and nothing more, but that find is very rare.

If you don’t want to use multiple plugins and find that one of the combo plugins does all that you need, then use them – that’s why I referenced them in this closing section. But, if you’re like me, then you’ll want to find separate plugins for each function that you want. I’ve written this article about the tools that work well for me. But, I’m always looking for additional tools just in case I run into that unique situation that one of these doesn’t work.

I’d love to hear what you’ve used on your WordPress websites that helps to protect your valuable content. Please share your thoughts in the comments section. I’d love to hear them. And, you can expect a comment when I read them. Your input is very valuable here in the wpmu.org community.

Photo Credits:
Eastlaketimes via photopin cc
*saxon* via photopin cc
Picture Perfect Poses
Athens Veterinary Clinic
Cornerstone Productions

Tags

Comments (15)

    • Hey John.

      Thanks for commenting and I’m glad you will find it useful. I also work with several photographers – not because I sought them out, but it just seemed to happen – and most of them are always worried about someone stealing their images.

      Feel free to post this as your next blog post. But, by all means, use your name as the byline and don’t credit wpmu.org as the original publication. LOL. Seriously, feel free to post is as a guest post if you’d like. I’m honored when someone does that as long as the proper credit is given. I don’t really care about it personally, but I want the most exposure I can get for wpmu.org.

      Have a great weekend.

    • Goodday Samedi.

      Glad you saw something of value here. I enjoy putting these articles together, so when someone reads them, puts them to work, and then comments, I really appreciate it. That encourages me to do more.

      Have a great weekend.

  1. While I agree that content is king, and your content is your content, I also have to allow for those that may believe that the ‘net is all about sharing and making information free for everyone.

    Maybe I have a different take simply because I run a non-profit based on 100% donations….

    • Goodday Mike.

      Thanks for commenting – your insight is very valuable to the community.

      There are things that I have no issue with people using of mine – I’d only ask that they ask permission and give credit for whatever they use. However, there are some things that I’ve worked many hours on – missing valuable family time – and I did so with the intention of sharing those items for remuneration. Since “online work” (or play as my family thinks I do) is my primary source of income, I am quite protective of those assets. Just like with anything that I own, if you ask to borrow it, I will probably loan it to you. If you ask to have it, who knows, I might give it to you. But, if you take it, I can get a bit testy with you at that point.

      There are things that I have specialized knowledge about that not everyone has the knowledge of. If I take the time to document those times, present them in a logical and easy to follow manner, and someone can do their job better for it – is there anything wrong with me making some money for my time? I think not.

      I work with some non-profits as well. Lots of things that I do for the non-profits are not for pay. Why? They can’t afford it. But, I do get the exposure to their benefactors and that brings me additional work.

      I understand and appreciate your position and I don’t disagree with it. If we were on the Enterprise, Deep Space Nine, or Voyager, then we would have no need for selling or protecting anything. But, my light bill is due next week and the water bill is due the week after that, so I’ve got to make a living and protect that process.

      Thanks again for commenting. Keep reading and commenting – it’s greatly appreciated.

  2. I find all of this fascinating (and horrifying) because people have dreamed up ways of stealing that would never have occurred to me. What I have is actually a question, but first some context. I’m trying to set up WP to use for my classes. I teach at a community college and am frustrated with the LMSs the state provides. The problem is that I use a lot of textbook publisher’s content (supplied with the textbooks for classroom use) in my presentations (which I upload as PDFs so my students can access them and they’re easy to show in class). I’m pretty sure I will be making each class site a members-only site (as soon as I figure out how…)and my actual question is will that be enough to stop the general run of content thieves? I’m less worried about my students, to whom I’m providing the content, but I am worried about someone stealing the presentations and then using the content or — worse — selling it (and then, the publishers get word and it turns into a giant nightmare…)

    So really my question is if these are members-only sites, password protected, will that be enough or do I need to also implement the above suggestions?

    Any advice is hugely appreciated as I am not new to websites, but very new to WordPress.

    Thank you!
    Nicole

    • Goodday Nicole.

      You might have the perfect opportunity to use BuddyPress in this situation. You would basically create a mini Social Network for all your students and could group them by various methods while keeping certain content private except to those logged in users. BTW, BuddyPress does not replace WordPress – it just enhances it with some functionality specific for those needs.

      However, I want to bring something else to your attention. I don’t know what your licensing of content allows, so you’ll have to check that. But, you’ll also want to read these two articles by James Farmer about EduBlogs and their recent issues regarding potential DMCA violations. Although James was able to get it all straightened out – it created a lot of heartache for he and all the users of EduBlogs for a short period of time.

      ServerBeach takes 1.45 million edublogs offline just 12 hours after sending through a Pearson DMCA notice for a 20 question list…

      ServerBeach Deals With DMCA While Pearson Perversely Perseveres

      Be sure that you have your documentation in order in case your host hits you with a DMCA notice of potential violation. Otherwise you could have more issues than just content theives.

      The AmazonS3 protection system I mentioned would be an outstanding solution, but I don’t think it’s a total solution. Plus, it may be a bit of overkill for your situation. Take a look at BuddyPress and see what you think. If you want to know more about BuddyPress, check out this excellent documentation on the WPMUDev forums.

      You can also find a ton of articles and information right her on wpmu.org as there are many people much more adept with BuddyPress than I am. I’ve used it on one website for a neighborhood association.

      Good luck however you choose to proceed. Be sure to post back if you have additional comments or experiences.

      • James
        Thank you very much for your thoughtful answer. I will be sure to check out the articles you mentioned and will likely go with BuddyPress. These are amazing resources and I wish more of my colleagues were “techie” enough to try some of them.

        Thank you again,
        Nicole

  3. Hey James, while I really LOVED all the tips here I was particularly excited when I saw the recommendation on protecting Amazon S3 content since that’s how I want to host my upcoming product important files (audio, video, pdf).

    My only question for you is, where can I see your site (or any other) in action with all this security applied?

    I would like to see the behaviour of a well protected site.

    Thanks in advance! ;-)

    Sergio

    • Hey Sergio.

      I’m in the midst of moving from an older server to a new server so my whole situation is in a bit of disarray right now. However, I’d be happy to share one of those with you once I am finished moving and verifying all my security issues are in order. In fact, once I’m ready, I’ll send you a link to a protected item so that you can see the results that you will get from it.

      Thanks again for commenting.

  4. Well written article, but in general I think the internet should be for sharing.

    As a content creator you should know that putting something on the internet is equal to sharing it with others and every technique you’ll use won’t be foolproof. Using these options to prevent visitors from ‘stealing’ your content basically kills their default browser behaviour which equals frustration to me. Is it worth frustrating all your visitors to protect your content from the few who want to steal it?

Participate