This is neither a wordpress or Facebook fault but purely a very clumsy solution implemented by photoshelter. In your Photoshelter admin you can choose a “security” precaution preventing people from hotlinking your images. “That's a great feature!” I hear you say. Well. Yes and no. The idea is great and technicly old hat. Been around for a long time. But the way Photoshelter uses it sucks.
When someone hotlinks your images they use your image on their site. Often without permission and they also steal your bandwidth. To prevent this you can create a mod_rewrite.
How mod_rewrite works
Here is a simplified idea of how a mod_rewrite works: If our-website.com asks for a file hosted on our-website.com's filesystem please go ahead and serve that file to the end user, but if not-our-website.com (or any other website) asks for a file belonging to our file system (our-website.com) please don't serve that file.
On top of this you can make a set of conditions. If our-website.com or facebook.com or myspace.com or blogger.com or mydadswebsite.com ask for a file show it. Else don't show anything.
The problem is Photoshelter
Photoshelter won't let you set these parameters nor have they made their own safelist of the most common websites where users share photos. It takes only a few minutes of coding to solve it and I can not for the life of me understand that a large web-corporation has chosen the suckiest solution.
[bctt tweet=”How can a large web-corporation chose the suckiest solution. #photoshelter “]Another solution could be to make to folders. One closed off with a mod_rewrite and one open. The closed one stores the large images and the open folder stores a smaller version for social media sites.
The solution
But for now the only solution is to turn off the “feature” at Photoshelter.
You can read more about hotlinking and mod_rewrite at:
http://www.alistapart.com/articles/hotlinking/
http://perishablepress.com/press/2007/11/21/creating-the-ultimate-htaccess-anti-hotlinking-strategy/