Two Simple Codes to Prevent People from Hotlinking Your Images

It has happened to everyone. You are browsing around the internet when you see one of your images on another site. Instantly, you are miffed that the person didn’t ask your permission or doesn’t even credit you for the image. You might be wondering, “What are you supposed to do to prevent this from happening again?” There are hotlinking applications out there, but there is usually a fee to buy the license. Here are two ways to prevent people from hotlinking your images.

Modify the .htaccess File

The best way to do this is by modifying your .htaccess file. It should be in the main directory of your web site. Open it in your text editor and add the following code:

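RewriteEngine on
# Requests that send no Referer at all (direct visits, some proxies) are allowed
RewriteCond %{HTTP_REFERER} !^$
# example.com is a placeholder: put your own domain here
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]
# Any other Referer asking for one of these image types gets 403 Forbidden
RewriteRule .*\.(gif|jpe?g|png|bmp)$ - [F,NC]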

The RewriteCond lines list the sites (your own site’s URL goes here) that are allowed to use the images on your site. If you want search engines to be able to show your images in their Image Search function, add the following lines above the RewriteRule line:

RewriteCond %{HTTP_REFERER} !google. [NC]
RewriteCond %{HTTP_REFERER} !msn. [NC]
RewriteCond %{HTTP_REFERER} !yahoo. [NC]

You should probably think about adding your RSS feed as well, so your images are displayed in your RSS feed.

The RewriteRule line lists the file types that you do not want people hotlinking.
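
As an added example (not part of the original article), the Python sketch below models the RewriteCond chain so the allow-list can be checked offline, comparing the search-engine patterns exactly as written above with host-anchored alternatives. The domain example.com, the helper names and every Referer value are constructed for illustration.

```python
import re

# Added illustration, not the article's code. example.com stands in for
# your own domain; all Referer values below are constructed samples.
IMAGE_RULE = re.compile(r"\.(gif|jpe?g|png|bmp)$", re.I)
OWN_SITE = r"^https?://(www\.)?example\.com(/|$)"

# One entry per "RewriteCond %{HTTP_REFERER} !pattern [NC]" line.
AS_WRITTEN = [r"^$", OWN_SITE, r"google.", r"msn.", r"yahoo."]
HOST_ANCHORED = [
    r"^$",
    OWN_SITE,
    # Simplification: only the .com hosts; add the others you rely on.
    r"^https?://([a-z0-9-]+\.)*(google|msn|yahoo)\.com(/|$)",
]

def status(path, referer, allow):
    """HTTP status the rule set would produce for one request."""
    if not IMAGE_RULE.search(path):
        return 200  # RewriteRule pattern does not match: request untouched
    # RewriteCond lines are ANDed and each is negated, so the rule fires
    # (403) only when the Referer matches none of the allow patterns.
    if any(re.search(p, referer, re.I) for p in allow):
        return 200
    return 403

SAMPLES = [
    "",                                          # direct visit, no Referer
    "https://www.example.com/gallery.html",      # your own page
    "https://www.google.com/imgres?q=sunset",    # search result page
    "http://forum.test/thread?via=google.com",   # search name in the query
    "http://my-google-fans.test/wall",           # "." matched the "-"
    "http://forum.test/thread/9",                # plain hotlink
]

def compare(path="/images/sunset.jpg"):
    """(referer, status as written, status host-anchored) per sample."""
    return [(r, status(path, r, AS_WRITTEN), status(path, r, HOST_ANCHORED))
            for r in SAMPLES]

if __name__ == "__main__":
    for referer, loose, strict in compare():
        print(f"{loose}  {strict}  {referer or '(empty)'}")
```

Rows where the two columns differ are Referers that the patterns as written let through even though the request did not come from a search engine. The Referer header is set by the client, so both rule sets limit casual hotlinking rather than control access.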

Use PHP Code

If you prefer to use PHP instead, create a new PHP file. The following code will allow you to do the same thing as modifying the .htaccess file:

<?php
$dir='secret-unknown-name-here/';  // directory that holds the protected files
$mime=array('jpg'=>'image/jpeg','png'=>'image/png','bmp'=>'image/bmp');
$ref=isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (!isset($_GET['file']) || (!$file=realpath($dir.$_GET['file']))
    || strpos($file,realpath($dir).DIRECTORY_SEPARATOR)!==0 || !isset($mime[substr($file,-3)])){
  header('HTTP/1.0 404 Not Found'); exit;  // missing, outside $dir, or not a listed type
}
if (strpos($ref,'http://www.example.com/')===0 || strpos($ref,'http')!==0){
  $stat=stat($file);
  header('Content-Type: '.$mime[substr($file,-3)]);
  header('Content-Length: '.$stat[7]);
  header('Last-Modified: '.gmdate('D, d M Y H:i:s',$stat[9]).' GMT');
  readfile($file); exit;
}
header('Pragma: no-cache');
header('Cache-Control: no-cache, no-store, must-revalidate');
header('HTTP/1.0 403 Forbidden');  // hotlinked request: send no image

The first thing to do is replace “secret-unknown-name-here” with something that no one will be able to guess except the people you want to give access to. Please ensure that you create a directory of the same name. Where it says “http://www.example.com/”, replace that with your own web site’s URL. Add the image extensions that you don’t want to allow hotlinking where you see jpg, png, and bmp. Place any files that you don’t want hotlinked in the secret directory.

The best and easiest way to prevent people from hotlinking your images is by modifying the .htaccess file. It’s quick and simple compared to coding the PHP method. However, which way you choose is up to you. On the other hand, hotlinking can be wonderful for search engine optimization (SEO), so you might not want to be too strict about this if you are practicing SEO. In the end, it’s really up to you how you handle hotlinking, and this will help you do it.

Editor’s note: The above method works if and only if the images are hosted on your own server. If you are using third party services like Amazon S3, the above methods will not work.

Image credit: Zemalf