How to Disable Hot Linking to Images

Roll up your sleeves and prepare to edit your .htaccess file.

Important Note:
Messing with your Web site or blog’s .htaccess file is very dangerous. Indeed, if you make an error, the entire site may stop working. Keep that in mind when using these instructions. I will not be held responsible for any problems that result from using this code.

Hot linking is when another Web site links directly to images or other files that reside on your Web server to embed them in their own Web pages or make them accessible to their own site visitors. For example, someone may like an image on your Web site that he/she wants to show off on his/her own. Rather than linking to the page on your site that displays the image, they might use the HTML IMG SRC tag to embed the image on their own site.

There are two problems with this:

  • In many cases, because the image actually appears on the other site, visitors are led to believe that the image belongs to that site’s owner — instead of you. Sometimes the other site owner might provide credit or even a link back to your site. But often times he/she does not. In my book, that’s image theft.
  • Because the image still resides on your server, each time the image is viewed on the other site, your server is required to serve up the image. That uses up your bandwidth. Obviously, if this happens a lot, you might see a slow-down in your site’s response time or your hosting company may begin to charge additional bandwidth fees. In other words, you’re paying to host images on someone else’s site.

The best way to stop hot linking is to modify your site’s .htaccess file to include code that prevents it. In researching this problem, I found several different collections of code. The one that I wound up using as a basis for my final code (shown below) can be found at “How to Disable Hot Linking” on the Online Marketing Blog.

Here’s my code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?*$ [NC]
RewriteCond %{HTTP_REFERER} !google. [NC]
RewriteCond %{HTTP_REFERER} !search?q=cache [NC]
RewriteRule .(jpg|gif|png|pdf)$ [R]

Here’s how it works:

RewriteEngine on

Enables mod_rewrite.

RewriteCond %{HTTP_REFERER} !^$

Allows requests made directly for the image without a referrer. You would include this line if you wanted to allow requests from browsers and other sources without referrers. (I commented out this line in my file, but may allow it.)

RewriteCond %{HTTP_REFERER} !^http://(www.)?*$ [NC]

Allows requests made from your Web site. Obviously, you’d replace with your domain.

RewriteCond %{HTTP_REFERER} !google. [NC]
RewriteCond %{HTTP_REFERER} !search?q=cache [NC]

Allows requests made from Google and search engines. If you don’t want your images to appear in search results, don’t include these two lines.

RewriteRule .(jpg|gif|png)$ [R]

Prevents images with .jpg, .gif, and .png extensions from appearing on pages with any other referrer. Instead, it shows the image shown here.

If you don’t want to include the image, you can use this line instead to result in a broken image icon:

RewriteRule .(jpg|gif|png)$ - [F]

Keep in mind that using this approach will prevent images from appearing in feed readers, too, so it’s not a good idea if you share your images with others via RSS.

Of course, to add or modify a .htaccess file, you need to know how. That’s beyond the scope of anything I’ll ever write. These instructions assume you already have some idea of how to do this. If you want to learn more about using .htaccess to control access to your Web site, be sure to check out this tutorial.

One more thing…please don’t expect me to help you debug your .htaccess file. Believe me, I know only enough about .htaccess to be dangerous; you would be better off without my help. Good luck!

3 thoughts on “How to Disable Hot Linking to Images

  1. I’m currently In the process of tweaking my site, your advice concerning image linking was very helpful and clearly stated. Thank you for sharing your knowledge.

Questions? Comments?
Share them here!

Comments are moderated. I encourage comments that further the discussion, but will not tolerate rudeness or spam. Your email address is never shared.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>