How to Prevent Image Hotlinking using .htaccess



Image hotlinking can be a serious problem for your website if not handled upfront. It can not only slow down your website but also affect your business adversely. That’s why you must prevent image hotlinking before it becomes too late.

 

What is Image Hotlinking?

Image Hotlinking is when someone uses your image on their website by linking directly to it. So when people visit their website, the images on their web pages are loaded from your server. This only slows down your website and consumes your network bandwidth. It’s already bad when people use your images without your permission. It’s even worse when they don’t even load it from their servers.

 

How to Find out if Someone is Hotlinking your Images

You can easily find out if someone is hotlinking to your images using Google Images. Just type the following search string:

inurl:yourwebsite.com -site:yourwebsite.com

This search looks for every image served from your website and excludes those that appear on your website itself. The results are the images that other websites have hotlinked from yours.

You can also use a content delivery network (CDN) like Cloudflare that provides Hotlink Protection out of the box.

 

How to Prevent Image Hotlinking using .htaccess

Open your .htaccess file in a text editor, and paste the following lines directly. Replace example.com with your website’s domain name. The following rules will prevent image hotlinking from all websites.

 

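RewriteEngine on
# Let requests without a Referer through (direct visits, privacy tools, some proxies)
RewriteCond %{HTTP_REFERER} !^$
# Let your own site through, over http or https, with or without www
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/.*$ [NC]
# Any other site requesting an image gets 403 Forbidden
RewriteRule \.(gif|jpg|jpeg|bmp|png)$ - [F,NC]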

 

If you want to block hotlinking of other types of content (zip, mp3, css, pdf), you can paste the following rules:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
# Own site over http or https, with or without www
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|flv|swf|xml|php|png|css|pdf)$ - [F,NC]

This will prevent image hotlinking as well as hotlinking of other types of content such as zip, mp3, css and pdf files.

 

However, if you want to serve alternate content, such as an image (e.g. hotlink.gif) explaining that hotlinking is disabled, you can use the following rules:

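RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/.*$ [NC]
# Do not rewrite the replacement image itself, otherwise the redirect loops
RewriteCond %{REQUEST_URI} !/hotlink\.gif$ [NC]
RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|flv|swf|xml|php|png|css|pdf)$ http://www.example.com/hotlink.gif [R,NC,L]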

In this case, when someone tries to access a hotlinked image, they will be shown a different image (hotlink.gif).

 

All the above rules prevent image hotlinking from all websites. However, in most cases, you may not want to block popular sites like Google, Facebook and Twitter from linking to your images. In such cases, you can use the following rules.

RewriteEngine On
# Each allowed site is matched over http or https, with or without www
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/.*)*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?google\.com(/.*)*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?facebook\.com(/.*)*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?twitter\.com(/.*)*$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(gif|jpg|jpeg|bmp|png)$ - [F,NC]

 

This will allow those popular websites to load content, including your own website (www.example.com).
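To check a set of Referer conditions before deploying them, the matching logic can be reproduced offline. The following Python sketch is an added example, not part of the original article; it assumes the host conditions accept both http and https, approximates mod_rewrite with Python regular expressions, and uses constructed paths and Referer values.

```python
import re

# Constructed allowlist mirroring the host conditions in the rules above.
ALLOWED_HOSTS = ["example.com", "google.com", "facebook.com", "twitter.com"]

# One negated RewriteCond per host; the [NC] flag maps to re.IGNORECASE.
ALLOW_PATTERNS = [
    re.compile(r"^https?://(www\.)?" + re.escape(host) + r"(/.*)*$", re.IGNORECASE)
    for host in ALLOWED_HOSTS
]
# RewriteRule pattern, matched case-insensitively so LOGO.PNG is covered too.
PROTECTED = re.compile(r"\.(gif|jpg|jpeg|bmp|png)$", re.IGNORECASE)


def status_for(path, referer):
    """Return 403 where the rule set would answer [F], otherwise 200."""
    if not PROTECTED.search(path):
        return 200  # not a protected file type, rule does not apply
    if referer == "":
        return 200  # "!^$" fails: requests without a Referer pass
    if any(p.search(referer) for p in ALLOW_PATTERNS):
        return 200  # one of the negated host conditions fails
    return 403      # every condition holds, request is forbidden


# Constructed sample requests: (path, Referer header, expected status).
CASES = [
    ("/img/logo.png", "", 200),
    ("/img/logo.png", "https://www.example.com/blog/post", 200),
    ("/img/logo.png", "http://example.com", 200),
    ("/img/logo.png", "https://www.google.com/search?q=logo", 200),
    ("/img/logo.png", "https://images.google.com/", 403),  # only "www." is optional
    ("/img/logo.png", "https://example.com.scraper.test/", 403),
    ("/img/logo.png", "https://scraper.test/?u=http://example.com/", 403),
    ("/img/LOGO.PNG", "https://scraper.test/gallery", 403),
    ("/index.html", "https://scraper.test/gallery", 200),
]


def mismatches():
    """Return the cases whose computed status differs from the expectation."""
    return [c for c in CASES if status_for(c[0], c[1]) != c[2]]


if __name__ == "__main__":
    for path, referer, _ in CASES:
        print(status_for(path, referer), path, repr(referer))
```

The first case shows why these rules protect bandwidth rather than control access: any client that omits the Referer header still receives the image.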

 

About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses.