
How to stop people from hotlinking to your images



Want to stop people from hotlinking to your images and save tons of bandwidth? When you display images on your website or blog, it costs you bandwidth. So if you display an image that is 23 Kb, then whenever somebody loads your page, and consequently your image, you've spent 23 Kb of the bandwidth allocated to you by your hosting company.

What does hotlinking to your images actually mean? Suppose the exact path to your image files is http://yourdomain.com/images and the exact path to a particular image, let’s say thisimage.jpg is http://yourdomain.com/images/thisimage.jpg.

Anybody can hotlink to this image by directly using the path from his or her website without uploading the file to his or her server like this:

<img src="http://yourdomain.com/images/thisimage.jpg" alt="I am a bandwidth thief" />

So whenever the image is being loaded on that offender’s website, your 23 Kb of bandwidth is being spent because it’s actually your server that is providing the image. Imagine if that website is getting thousands of hits per day.

You can easily stop people from hotlinking to your images by making changes in your .htaccess file. This file normally resides in your root folder, so you should download it and take a backup before altering it. Even a small mistake can make your entire website unavailable. Besides, WordPress creates its own .htaccess file if you are running your blog with it.

So once you have your .htaccess file with you, you need to do the following:

RewriteEngine on

This uses the Apache module mod_rewrite, which is very likely available on your server. The line above turns the rewrite engine on.

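RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain\.com [NC]

You need to tell the engine that it's OK if your own website links to the images; after all, you'll be using these images on your own website or blog. The ! negates the pattern, so the condition holds only when the referrer is not your own site, and [NC] makes the match case-insensitive. The dots are escaped because an unescaped dot in a pattern matches any character.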

RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
RewriteCond %{HTTP_REFERER} !msn\. [NC]
RewriteCond %{HTTP_REFERER} !yahoo\. [NC]
RewriteCond %{HTTP_REFERER} !bing\. [NC]

Since most search engines allow their users to search for images, and since you can get lots of traffic through image searches, you should let all the major search engines hotlink to your images. You can decide not to, though.

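RewriteCond %{REQUEST_URI} !^/donthotlink\.gif$

This condition exempts donthotlink.gif itself. That is the image that will be displayed in place of the actual image (thisimage.jpg in your case), and without the exemption the request for it would be redirected as well. REQUEST_URI always begins with a slash, so the pattern has to include it.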

RewriteRule \.(jpe?g|png|gif)$ /donthotlink.gif [NC,R,L]

This is what finally stops hotlinking. It tells the server to show "donthotlink.gif" if somebody tries to hotlink one of your jpeg, jpg, png or gif files. The R flag sends the browser a redirect and L stops processing any further rules; the leading slash assumes donthotlink.gif sits in your site's root folder. You can add more formats. Since "donthotlink.gif" may again cost you bandwidth, you can store it using one of the free image hosting services and then use the direct link here.
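To see how these conditions combine, here is a small Python model of the ruleset. It is an added example, not part of the original article and not Apache itself; the decide function and the sample requests are constructed, and example.net stands in for a third-party site.

```python
import re

# The article's conditions: a request is left alone if its Referer matches
# any of these (regex metacharacters escaped; [NC] = case-insensitive).
ALLOWED_REFERERS = [
    r"^https?://(www\.)?yourdomain\.com",
    r"google\.",
    r"search\?q=cache",  # unescaped, "?" would make the "h" optional instead
    r"msn\.",
    r"yahoo\.",
    r"bing\.",
]
PLACEHOLDER = "/donthotlink.gif"   # assumed to sit in the site root
IMAGE_RULE = re.compile(r"\.(jpe?g|png|gif)$", re.IGNORECASE)


def decide(uri, referer=""):
    """Return 'serve' or 'redirect' for one request (model, not Apache)."""
    if not IMAGE_RULE.search(uri):
        return "serve"            # RewriteRule pattern does not match
    if uri == PLACEHOLDER:
        return "serve"            # exemption that prevents a redirect loop
    if any(re.search(p, referer, re.IGNORECASE) for p in ALLOWED_REFERERS):
        return "serve"            # own site or an allowed search engine
    return "redirect"             # every RewriteCond held, so the rule fires


# Constructed sample requests: (request URI, Referer header or "" if absent)
SAMPLES = [
    ("/images/thisimage.jpg", "http://www.yourdomain.com/my-post/"),
    ("/images/thisimage.jpg", "https://www.google.com/search?q=thisimage"),
    ("/images/thisimage.jpg", "http://example.net/page.html"),
    ("/images/PHOTO.JPG", "http://example.net/page.html"),
    ("/donthotlink.gif", "http://example.net/page.html"),
    ("/index.html", "http://example.net/page.html"),
    ("/images/thisimage.jpg", ""),
]

if __name__ == "__main__":
    for uri, referer in SAMPLES:
        print(f"{decide(uri, referer):8}  {uri:24}  referer={referer or '(none)'}")
```

Note the last case: a request that carries no Referer header at all is also redirected, because an empty string matches none of the allowed patterns. If you want browsers that send no Referer to get the real image, add RewriteCond %{HTTP_REFERER} !^$ alongside the other conditions.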

So this is how you can save bandwidth and stop people from hotlinking to your images.