How To Prevent Image Hotlinking in Apache/WordPress

Sreeram Sreenivasan

Last updated on September 21st, 2021 at 10:44 am

Image hotlinking not only slows down your blog/website since their images are loaded from your server, but is also bad form. So it is important to disable image hotlinking on your webserver to stop image hotlinking from other websites. Here’s how to prevent image hotlinking using .htaccess file in Apache web server.

 

How To Prevent Image Hotlinking in Apache/Wordpress

First, find out if anyone is hotlinking to your image by going to Google.com and searching for

inurl:yourwebsite.com -site:yourwebsite.com

If Google gives any search results, then your images are being hotlinked on other sites. You can visit the search results to find out who’s behind it. Nevertheless, you can tweak your Apache server’s .htaccess file to stop image hotlinking from continuing further.

 

1. Open .htaccess file

You will typically find .htaccess file in your site’s root folder (e.g /var/www/html/). You can open it using vi editor

$ sudo vim /var/www/html/.htaccess

 

Bonus read: How To Redirect Subfolder To Subdomain

 

2. Prevent Image Hotlinking using .htaccess

Add the following lines to your .htaccess file.

/* Prevent image hotlinking in WordPress */
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?twitter.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?other-websites-if-any.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]

The above lines disable image hotlinking from all sites except google, facebook, twitter, and your own website. If you don’t want to allow hotlinking from any website, other than yours, add the following lines instead.

/* Prevent image hotlinking in WordPress */
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]

The last line will disable hotlinking of jpg, jpeg, png and gif files. You can also add/remove file extensions if you want, in the RewriteRule above.

 

Bonus Read: How To Redirect To Subfolder Using .htaccess

 

3. Restart Apache Server

Restart Apache Server to apply changes

$ sudo service apache2 restart

That’s it! Now even the previously hotlinked images won’t be available to those who are trying to use images from your website.

Bonus Read: How to password protect folders in Apache

 

By the way, if you want to create dashboards & charts to monitor your business or website, you can try Ubiq. We offer a 14-day free trial.

Related posts:

How to Redirect and Keep Original URL using htaccess
How to Install and Configure mod_pagespeed with Apache
How to Install Varnish in Ubuntu
How to Change Default Timezone in Apache/PHP