How to setup Hotlink Protection

Martin Brinkmann
Aug 1, 2007
Updated • Jul 27, 2013

Hotlinking is a technique that is frowned upon on the Internet. This happens if you upload a file to your webserver and someone else links to that file directly, effectively using your bandwidth to display and or spread the file on the third party website. This happens most often with images, but it could also be happening with other file formats such as zip or pdf files.

There are two main issues associated with hotlinking. First, the bandwidth of the server the image was published on first is being used while the original uploader has no gain or benefit from the publication on another server. Second, hotlinking is often a rights issue as well, with sites that hot link to images often not permitted to share the files directly.

The best way to stop someone hotlinking your files is to use a htaccess file which you can configure to prevent that specific file types are hot linked by third party sites that you specify.

You basically place the htaccess file into a directory, so that it protects all matching files in that directory, as well as all subdirectories. If you use a webhosting account you should make sure that you can actually use .htaccess files on it, before you try and implement this feature.

To use them you simply upload a file called .htaccess to a directory on your website and edit it with the following information to prevent hotlinking:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)? [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

You have to edit the domain name of course and add other file types to the list in the fourth line. If you have another domain that should be allowed to display your files directly, you simply add the third line again and edit the domain name accordingly.

You may want to do that if you are using a content distribution network or other cache locations for example, or if you want your files to be displayed on select sites specifically.

If you have a WordPress blog and can't use .htaccess you could use the WordPress plugin called Hotlink Protection which basically does the same thing but does not allow the addition of other domain names.

Webmasters who have access to CPanel, or a comparable administration backend, can also use it to configure hotlink protection for their websites and domains. It is however important to make sure that the protection works the way it was intended to.

I suggest you test the protection once you have set it up to make sure that files display correctly on all whitelisted domains.


Previous Post: «
Next Post: «


  1. Martin said on August 2, 2007 at 5:31 pm

    African Boy that’s why the name of the site is mentioned in the code :P

  2. African Boy said on August 2, 2007 at 3:29 pm

    As long as only the owner site can access the file, nice piece of information.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.