Stop WordPress Content Thieves From Stealing Your Content – And Your Bandwidth
I’m on a lot of marketing email lists, and I actually read a lot of emails. Recently, I received an email from a marketer and began reading the first line of the email. It read, “I didn’t sleep very well last night. No, it wasn’t because of a barking dog, a crying child, or my WordPress website had been hacked.”
I stopped reading cold; those words were familiar – too familiar. Well, they should be. I wrote them. In fact, I wrote them just a few weeks ago for an article right here on wpmu.org. I clicked the link in the newsletter to their website and there was my entire article reproduced on their website – images, wpmu.org ads, and all. I had the byline on the website, but I was still shocked to see that someone else had used my article on their website.
Although that was O.K. with me – as long as they gave wpmu.org the credit for the original publication – it reminded me that there are unscrupulous people that will steal your content without giving you credit for it. Or worse yet, share your paid products without you getting paid for them.
There is very little that I despise more than a thief. It doesn’t matter if they are stealing money, physical items, time, or digital creations. A thief just has no respect for the property of others. When that thief steals your photos, your videos, or your digital downloads, they are not only stealing your product, but your bandwidth. All of that costs you money.
When it comes to the properties that exist on WordPress websites that I’m responsible for, whether they are my websites or my client’s websites, I want to protect that digital property from those who would take it without permission. We will look at several methods to protect each type of WordPress website property. By no means are these ALL the methods available, but they are some of the ones I’ve used for my clients.
To begin with, let’s look at the different types of content theft that can occur.
Stealing Images On WordPress Websites
Probably one of the most common thefts that occur on WordPress website is the theft of images. With no protection methods employed, the easiest method to steal someone’s image is to simply right click on the image and choose to download the image. If the image can be left clicked and opened in the browser, then you can save the image by using the right click context menu.
Another method is to simply “hotlink” to an image. In case you don’t know, hotlinking is when you use the actual link to someone else’s image in your own post. Those thieves are so doggone lazy they don’t even bother to download the image and upload it to their own server. If their post is popular, this can chew into your bandwidth.
Stealing Text On WordPress Websites
Another common theft is your written text on your WordPress website. Just as with images, the simplest way to steal that content is to highlight it with the mouse, then either use the right click context menu to copy the content, or just click <CTRL> and <C> on a PC. Once you have it copied to the clipboard, you can paste that content anywhere that you’d like.
iFraming Your WordPress Website
Another method of theft that is not considered theft by many people that I talk to, is someone iFraming your website into their own website. In a way, they are not really “taking” anything, but they are using your content without sending people to your website.
Recently I was building a website for an insurance agency and the owner wanted me to just use the insurance companies’ website proposal software but put it on their website (they wanted me to iFrame the pages in, but they didn’t know to call it that). Several of the companies had placed scripts on their website to block that from happening while others did not.
Regardless, I cautioned them against doing this as it is analogous to stealing.
Recently, two new WordPress plugins have been released around this concept. These plugins iFrame any website you want and then provide an overlay in a lightbox style that can be anything that you want to include – an offer of a free product, a CPA offer, or even a blatant product for sale offer. Although I buy a lot of WordPress plugins – especially if they’re different – I passed on this one as I personally believe that iFraming content (such as a CNN news story) into my own website and then putting my own advertising over it to be unethical at the very least – but analogous to stealing in the worst case.
Stealing Videos On WordPress Websites
If your website content is primarily videos (such as training videos), then it’s actually quite easy for someone to steal that content. Just as with photos above, you can use the right click context menu on many videos and grab the content. If you can’t grab it that way, then there are many extensions available for FireFox and Chrome that will allow you to download videos from a WordPress website.
Stealing Downloads On WordPress Websites
Second only to image theft, this is probably the most notable type of content theft. This can occur in a number of ways; to name a few:
- Poking around your server’s directory structure to find digital downloads
- Sharing your download link either directly or on black hat websites
- Sharing your download package directly or on black hat websites
What Can Be Done?
All I Need To Protect Is My Copy
If all you wish to protect is your copy, then you can install a simple WordPress plugin called WP Control Copy. This plugin has some excellent features that I like, plus, it doesn’t disable the right click menu.
Features I Like
Who Can Copy Text
This allows you to limit the privilege of copying text from your blog to Logged In Users, Everybody – or diable it entirely by choosing ‘Nobody!’ Additionally, regardless of the setting, copying is not prohibited in the back end once you are logged in.
A really nice feature is that this plugin will allow you to automatically add some crediting text to anything that you allow to be copied. This way, if someone does copy your text, at least you have the possibility that they will not delete the crediting line. Of course, they can always delete it, but at least you’ve made it easy for them to give you credit.
Logged In Users Get Clean Copy
If you allow logged users to copy your text, this option gives you that ability to let them get that copy WITHOUT the “Added Text” if you’ve enabled that option.
Where To Add WP Control Copy
This option allows you to choose where the copy control is enabled. Your options are Everywhere (the entire website), Only Posts (so only your posts are copy protected), Only Posts and Pages (only protects copy on your posts and pages), or Specific Post/Page ID’s (which allows you to enter the ID numbers of any pages or post that you want to copy protect).
This gives you the capability to display an alert window (with text that you can customize) for three different situations:
- When the copy fails (either the user is not logged in or you have copy completely disabled)
- When the copy succeeds (regardless of what type of copy is allowed)
- When either of the above conditions occur (it displays a message for a fail or a succeed)
- Never (this just doesn’t display a message for any reason – my least preferred method)
As I stated to begin with, if you only objective is to protect your copy, then this is an almost perfect plugin.
But I Need To Protect Images
No problem. Simply install another plugin called No Right Click Images Plugin.
Once you’ve installed and activated the plugin, you have to configure it so that it works like you want it to. The first option is to choose whether you want to “Replace the image on right mouse click”. When this option is activated, if someone right clicks on your image, they don’t get your image, but instead get the image to the right of this paragraph. This is especially useful for visitors using FireFox as they can disable most right click prevention methods.
The next option is Prevent Drag and Drop. Users may be able to drag images to their desktop and drop them there. This option prevents them from doing just that.
The final option is Allow For Logged Users. If checked, this allows logged in users to actually be able to use the right click menu to download images. This can be handy for the WordPress website owner or administrator to pull images down to use on another website without having to go to an FTP program.
I’d Like To Watermark My Images
Several of my photographer clients add watermarks to photos that they place on their website. Since they’re already using PhotoShop to edit the photos, they usually use a PhotoShop Action to quickly add their custom watermark to every photo that they release.
However, if you are not using PhotoShop, you can install the Transparent Image Watermark plugin on your WordPress website.
Once you’ve installed and activated the plugin, you can visit the settings page to choose the image sizes you want to include a watermark on from the thumbnail all the way up to the Full Size images. You can choose any size or sizes that you want to include, not just a size and all smaller sizes. When using the FREE version, your watermark must be an image file in the PNG format, so you’ll want to choose wisely. Finally, you can choose the percentage of the image width that you want to cover with the watermark.
If you want more capabilities, you will need to upgrade to the Ultra version of the plugin currently priced at $30. If you are putting this on client websites, you will need the developer version currently priced at $100.
But What About My Existing Images
The Transparent Image Watermark Plugin doesn’t watermark existing images on your WordPress website. For those images, you’ll need to install the Bulk Watermark plugin. Once you’ve installed that plugin, you can watermark previously uploaded images (JPG only – no PNG images) with either a text or image watermark.
The really nice thing is that you can choose a specific folder of images to watermark so you don’t have to watermark every image on your website. Considering that you can watermark an image with EITHER text or images, if you don’t mind a few extra steps, use this plugin after you’ve uploaded the images rather than the previous Transparent Image Watermark plugin mentioned above. However, keep in mind that it does take a few extra steps.
Add A Watermark To Any Hotlinked Images
If someone is hotlinking your images – and believe me they will – then you might as well get some value for that use of your images and your bandwidth. Here’s a really nice little plugin that can help you with that; it’s called Hotlink2Watermark.
What does it do?
Anytime someone hotlinks one of your images, it automatically puts a watermark of your choosing on the image. You have the option to either display an image as the watermark or display some custom text that you input into the settings menu. There’s also a setting to determine the opacity of the watermark so you can take it anywhere from “0” (invisible) to “100” (opaque). Finally, you can determine where to place the watermark from nine different positions.
How would you like to know whenever someone uses your images by hotlinking? Oh, well, there’s a setting for that as well. Check the box for “Save the referrers” and it will add any hotlinked images and the website hotlinking to them into a CSV file labeled referer.csv. You can open that file and see any website that is displaying your images. Not only is this helpful to find offenders, but it can help you with the .htaccess rules changes so that you can allow your images to be shared on websites that you want without the watermark (such as Facebook, Google+, etc.).
How Can I Stop Someone Who Is iFraming My Website
This is actually the easiest to thwart. You can add some simple code to your website OR use a very simple plugin. While there are several in the WordPress Repository, there’s only one at the moment that is compatible to the latest version of WordPress. Break Out of Frames is a very simple plugin that doesn’t prevent someone from iFraming your website. Instead, when a visitor is taken to the offenders website with your iFramed content, your website is actually “broken out” of their website and displayed separately – actually bringing your website visitors. It does this by allowing the iFrame to begin loading on their website, then it forces a refresh of the page taking them directly to your website.
Think this is not important?
Do you use Adsense on your websites? If so, it’s a violation of Google’s Adsense TOS to serve your ads in an iFrame, so if you do not prevent this behavior, your Adsense account could become banned through no fault of your own – other than you didn’t prevent iFrames of your website.
O.K. What About My Videos And Downloadables
We’ve covered how to protect your text and your images, but your videos require a little more work. If you put your videos on YouTube, with a little effort they can be downloaded and used anywhere. Plus, people can embed them in their own websites by grabbing the embed code.
For my websites and my client’s websites, I load all my videos (and any downloadable content) to a bucket in AmazonS3. However, in order for people to be able to access them, you must make the links (and therefore the files) public. To combat that, I use a premium plugin that basically locks up the videos and downloads.
That plugin is the WordPress AmazonS3 Video Streaming & Download Protection Plugin. The cost is $17 for a developers version that you can use on your own and client websites.
Using this plugin you can provide time expiring links to audio, video, and downloads. Additionally, you can prevent people from sharing your download links through email and other websites – if they do share the link, the person they share it with will get an error message and your content will be safely preserved.
Installation of the plugin is very simple and straight forward. It can be installed either through the WordPress dashboard or via FTP. Once activated, the setup is a little bit tedious, but the developer has provided a series of tutorials that will walk the user step by step through each part of the process. Don’t be like me and think, “Oh, I can do this.” It cost me several hours because I didn’t got through the setup as it was defined and I missed a very specific point which caused my first download attempt NOT to work.
Additionally, you will need to download the FREE version of Cloudberry software to make your life so much easier. Sure, you can do all the AmazonS3 setup yourself if you want to spend some time learning the specifics, but the Cloudberry package makes it so much easier. Why not just take the easy way and get busy doing other things?
Why Install Different Plugins? Isn’t There One That Will Do It All
At this point, you’re probably thinking, “Why not just install a single plugin to do it all?” That is a possibility by using one of the following:
However, I guess I’m somewhat of a control freak and I like to maintain as much control as possible so I can configure things the way I want them. When I’ve reviewed combo plugins, I’ve found that they either did not do as much as I wanted, did more than I wanted, or there was still a key piece that I didn’t like the results of. Occasionally, I find a combo plugin that does it all and nothing more, but that find is very rare.
If you don’t want to use multiple plugins and find that one of the combo plugins does all that you need, then use them – that’s why I referenced them in this closing section. But, if you’re like me, then you’ll want to find separate plugins for each function that you want. I’ve written this article about the tools that work well for me. But, I’m always looking for additional tools just in case I run into that unique situation that one of these doesn’t work.
I’d love to hear what you’ve used on your WordPress websites that helps to protect your valuable content. Please share your thoughts in the comments section. I’d love to hear them. And, you can expect a comment when I read them. Your input is very valuable here in the wpmu.org community.