How to deter image and bandwidth theft

take control from thieves

Lately I’ve been finding more and more people lifting images directly from my blog and using them on their own websites (a practice known as hotlinking). Not only is this stealing, but each time someone visits the page that hotlinks my images, it drains the bandwidth I’m paying my web host for.

The last straw came when Cat sent me an email asking, “Isn’t this yours?”

She linked to yet another blog where the owner had simply copied and pasted my blog post source code, taking credit for what I’d done. My top 50 graphic design blogs round-up proved popular, and a lot of people were using the images on my server to decorate a similar (or identical) piece on their websites.

With a little .htaccess wizardry, anyone lifting my images now has a web page like so (click image for larger version):

image thief

Here’s the actual stolen blog post. Numerous attempts to contact the person who owns the website yielded no response. I wonder how long my replacement images will be there for? (Link removed due to post removal).

Here’s how to deter the thieves

You need to add some code into your .htaccess file, which should be in your website’s root directory.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /images/nohotlink.jpe [L]

In my case, I changed the mysite text above to davidairey, and you would add your own domain here.

Then I created a custom image titled nohotlink.jpe, and uploaded it to my /image/ folder. Notice the file extension .jpe – this is because .jpeg and .jpg files are now blocked from appearing on third party websites, but this exception allows you to show your custom image. Here’s mine:

no hotlinking

I could use something more creative, such as “I love David Airey” and a photo of me inside a heart, but this’ll do for now. Any suggestions?

It’s reasonable to assume that people have hotlinked my images without realising it’s wrong. So I’ve updated the custom image to something less radical (below).

no hotlinking

For a more detailed tutorial, check out how to stop hotlinking and bandwidth theft. There are also other options for banning particular websites or removing the need for a custom image. If you use images across different websites, it’s also possible to add exceptions to the rule so you don’t block use between sites of your own.

One thing I’m not so sure about is what effect this has on your organic search engine traffic. Can Google, Yahoo, MSN, etc. still provide image search traffic with this .htaccess addition?

For me this isn’t a problem, considering the mess made after my domain name theft, but it’s worth knowing the answer if you receive a lot of visitors through image searches.

Read about image hotlinking elsewhere:

Header image courtesy of The Diplomat

218 responses

  1. A useful and helpful technique! Thanks David. I am not really exposed with plagiarism before until 3 years ago I entered International Baccalaureate Diploma.

    Each designer should take into account this issue as we don’t want to be sued or we might want to sue someone for taking our design (either web or graphic) without any acknowledgment.

  2. Rafie, it’s definitely something to think about for designers with blogs.

    Patrick, thanks for the link. I’ve added it to the ‘third party reading’ in the content above and have changed my .htaccess to whitelist those search engines.

    The hotlink section of my .htaccess now reads:

    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?davidairey\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !google\. [NC]
    RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
    RewriteCond %{HTTP_REFERER} !msn\. [NC]
    RewriteCond %{HTTP_REFERER} !yahoo\. [NC]
    RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /images/nohotlink.jpe [L]

  3. After reading your post I thought I came up with a novel and unique idea to create a ‘better’ rewrite rule. Instead of sending the hotlinking user an alternative image which tells them to ‘get lost’, you could instead send the original image watermarked. This would have the added benefit of displaying your artwork to pottential customers on another blog, but still reference it back to you.

  4. That is hilariously awesome, I had never seen this idea before now. I don’t put a lot of images in my articles or I may actually “steal” your idea. I do wonder how long those two sites will have your custom image up.

  5. I also had one of my topics stolen recently, unfortunately on this occasion the hotlinked topic gained quite a bit of exposure and took away some of the limelight from the original which was a bit frustrating.

    This solution would have been good fun to put to use! I’ll have to remember it for next time..


  6. David, Thank you very much for the information. This helps very much, especially for beginners like me to be aware of information thieves.

    I checked those links and they are still loading images from your site..!!

  7. I just want to say thanks for bringing up this topic. In the past I have just renamed any stolen images rendering any linkage useless but it is hard to keep up. Your solution seems much more efficient.

    Many years ago I had the graphics and copy of a whole web site stolen, which I only discoved after Googling one of my key phrase. I eventually granted the thief the use of my material after a substanial payoff and a link to the original site.

    This kind of theft is enough to make anyone see red!

  8. Dustin, as I stole this idea from others, you’re more than welcome to steal it from me.

    Chaitanya, you’re very welcome. I imagine those custom images will be up for a while, especially on the many other websites that have been hotlinking images for some time.

  9. Haha, that was a truly epic win there, David!

    I’ve caught several people stealing images off my site as well, I think I will use this technique to help out with any possible thieves in the future! My thanks to you!

  10. David –

    I think this is a great idea and is something that I’ve implemented a few times in my life. Depending on the offense (and the site I’m implementing on) I’ve taken different tactics… I won’t say I’ve done it, but I know some folks who redirect people to “hello.jpg”. If you’ve been around the net a while then you probably know what that is… if not, check out:

    Anyway, my main reason for posting is to say that I don’t really use this much anymore. I make sure all of my images are watermarked with my copyright & URL and I host them all from my SmugMug account. There are no bandwidth restrictions for pros & they are OK with blog/site usage (within limits – they don’t want to be the backend for youtube, but blog use is OK).

    Now I don’t need to worry about this too much since my large files (photos) are served up by SmugMug, they’ve automatically got my URL watermarked, and my pages overall load faster because you’ve got multiple sources of the data needed for a page. Not a solution for everyone, but it works well for some.


  11. I like the idea, but I do like Grouse’s version better.
    In the second example (Garcinga blog) he isn’t actually saying he wrote the article, and is just linking to your blog, so I guess your approach would be a bit radical.

  12. I agree with Yaili. To anyone who credited your work, they shouldn’t get banned. They at least drive the traffic back to your site, which is something you always should welcome. But your idea is excellent!!

    Oh…as of now, your a bit of radical approach has made your images in your top 50 blogs the same as these two thieves. So you better look into it now.

  13. Thanks David for this post!!!! It is really helpful…even thought I am not been subject to plagiarism a have quite a bit of infos on my site that i won’t share with other random website. Thanks also for the comments……really helpful blog

  14. Yaili, I’ve been thinking about this, and both you and Grouse have a good point. I can remember one hotlinker I contacted telling me they had no idea it was an issue, and they removed the images immediately.

    So I’ve updated my custom image to something less radical, and it no longer mentions stealing. I prefer the new one anyway. ;)

    • Right! I had no idea this was an issue! I was simply looking for a happy Halloween image to share with my friends and family. Then I got this “Stop stealing bandwidth ” image. I have wifi and can’t see what else it would mean. Lol

  15. Excellent Post David.

    Apart from stealing other people’s bandwidth, it could also slow down their page loading times, if hotlinking to slow loading websites. I guess most people are simple not aware, using a Desktop Blogging Client like Windows Live Writer would avoid this for the less savvy bloggers.

    What happens when I steal “I Love David Airey” image ;-) ?


    PS I want a I Love Terinea Weblog logo, maybe people could adopt yours a banner link, its quite retro/cool!

  16. I often see my articles and images on various dubious sites – it’s very annoying. I like this idea but it doesn’t really save you any bandwidth as the scraper/splogger is still referring to AN image on your server, albeit not the image that they think.

    I suppose it could act as a deterrent but I fear most of these blog scrapers are actually just automated scripts than go through rss feeds – there’s little or no human involvement – so the scraper has no shame.

  17. After experiencing a recent website theft and numerous photos being stolen (and just hotlinked), this looks like a potential way to deter folks. Not sure if others are experiencing this, but now when I view any of your articles in Bloglines, all images are this “I heart David Airey” image. (I had a few articles marked to save and reread). Maybe it’s just something odd on my side?

  18. Chris, I don’t mind pointing a little traffic to those sites for now. Helps to illustrate my article. The links are nofollow.

    Jamie, try stealing my stealing image, see what happens. Let me know if I can help out with your Terinea version.

    Aaron, valid point that it doesn’t save you any bandwidth. It’ll act as a nice deterrent for those who know what they’re doing, and can be a nice form of advertisement on the scraper sites.

    Dan, good idea. Cheers.

    Lor, I’d not thought about the Bloglines issue, so just ‘whitelisted’ it. I’d appreciate you letting me know if those previous posts show images now. Thanks for the heads-up!

  19. Thanks David for telling that excellent htaccess trick, I always thought how this works when i used to see image blocked etc like messages on hot linked images.

  20. Oh, my. I didn’t realise you could even do this. Well done David!
    (and where do you find all this great stuff?)

    I’m also of the opinion that a lot of newbies don’t know about web manners yet (even old timers slip up at times), so your new “I Love David Airey” is more apt. It’s also closer to who you really are.

    Several years back I had someone do similar so I changed the graphic. Your option is much better as my readers don’t lose out.

    At the time, some people suggested exchanging the linked graphic with a huge graphic that would take up their whole site. Tempting … :-)

    An as mentioned, adding a url wouldn’t go amiss …

    “I HEART” or some such.

    Again, it’s closer to the truth because they wouldn’t steal something they didn’t admire. Yes?

  21. Hey David, I can see that even you are a designer, you know a lot about stuff like this .htaccess thing.

    I’ve just visited the thief’s blog, it looks hilarious now :-D

  22. Hey David,

    Just a little word of caution. I tried using this exact same technique (from the same site you are using) and it didn’t turn out to well. I tried using it on NiceStylesheet (my CSS Gallery) and had numerous emails come in from visitors that they couldn’t see any of the images on my site or their feed reader wouldn’t display the images or both. It seemed hit or miss. Some had no issues and others couldn’t see any images, so maybe just watch out for that.


  23. I think that is AWESOME! (The code, not people “Stealing” images) One of the things that I was thinking is what would stop people downloading your images and then using them off of their server? I know that would save your bandwidth, but it still does not protect your images… I guess nothing is foolproof.


  24. “if you take a look at their website they already have your images back.”

    I’m still seeing ‘I Love David Airey’. But if that’s the case, perhaps it’s time to contact WordPress? Because that’s where they’re hosting their blog.

  25. Man thanks for this post, I had a laugh checking out the 50 graphic design blogs with your ‘I heart David Airey’ images all over the place, it’s priceless lol I wonder for how long the images will stay there.

    Ok, now gotta go edit my htaccess file :)

  26. @ Deron Sizemore

    I think the problem you are coming across will be due to rss readers essentially hot-linking to your images when reading the rss feeds.

  27. @Grouse,

    For my CSS gallery, every image in the gallery is a thumbnail and I do not have full sized images. So… I’m not sure this would work for me since I don’t have two different images? Seeing has I don’t have a “…tn.jpg” copy, I would have to allow “… .jpg” and I think I’d be in the same situation that I’m in now?

    This was just one part of the equation though. I actually did have readers sending email saying that they could not see the images on the site even, so that’s why I removed the hotlink blocking.


  28. Thanks for posting this article. I never thought about that before, but now that I’m starting to blog again, it is definitely something to be aware of.

  29. It would be nice to see something like this incorporated into a working WordPress plugin. A one click smash to stop thieves!

    *Also of interest is this, an online anti-hotlinking test tool. After modifying .htaccess, we can make sure it works.

  30. I think a lot of people simply don’t realise what they are doing. Most of the genuine bloggers I’ve contacted when this has happened to me have apologised and thanked me for pointing it out. It’s annoying how many people run a blog with no visible means of contact though. Like having a house with no front door.

    Sploggers are a different matter though. This might be a naive question but doesn’t it use up your bandwidth to have them display your ‘David Airey’ graphic? If so, I assume the deterrent value makes it worthwhile.

    And hey! Where did you get the ‘latest post from commenters’ plugin? Very cool.

  31. “Where did you get the ‘latest post from commenters’ plugin?”

    I’d also love to get that plugin … although, where is my latest post? … hmmm ….

  32. Cat – it’s from a WordPress plugin called CommentLuv.

    This is a really funny and clever solution. Reminds me of a guy who realized that his Wifi connection was being pirated, so he coded up a filter than made all unauthorized content appear upside down.

    The difference is that in your case, some of the scrapers are well-meaning but ignorant, as you point out. I had a ‘fan’ copy an article from my site and then her site got dugg by a Power Digger. She might have made the front page but her site couldn’t take the load either way…

    However, I would say that more often than not, there are bad intentions in mind and you need to protect yourself.

    Use plugins like Bad Behavior and CrawlTrack to block bots as a first layer of defense.

    For the second layer:

    Images – watermarking or filler content, you’re covered here already.

    Text- there’s a WordPress plugin called AntiLeech that similarly feeds fake content to scrapers.

    Code- there are a number of ways to obfuscate code but this is really a double-edged sword and requires extra care to manage.

    For the 3rd layer, when horse has left the barn:

    Plugins like Digital Fingerprints allow you to recognize if someone is stealing your content so that you can complain to their ISP or better, Google. After all, if the thief’s site is de-indexed, it basically ceases to exist.

  33. Lor, good of you to double-check for me.

    Hashim, you’re very welcome.

    Cam, by all means, steal my code. Just don’t lift anything off my server, unless you really love me. ;)

    Beth Ellen, I wasn’t sure how you’d find out, unless there was a link back to your site (or someone kindly informed you about it, as Cat did). However, Jacob has just left an informative comment above, detailing a plugin called Digital Fingerprints. That seems like it’d help out, although I haven’t tested it yet.

    Cat, glad you like it better, and thanks for the web address suggestion, which I’ve implemented. As for finding such info, I like to keep my ear to the ground about hosting issues, particularly given the problems I’ve encountered lately.

    The plugin to show commenter’s latest blog post is called CommentLuv, though I’m not sure why it doesn’t pick up BoDo. I just took a quick look at the feed URL on your homepage, and wondered why it has /Swxl at the end. Perhaps that has something to do with it, but I’m really no expert.

    Edmund, that would be a strong deterrent, but not really my style.

    Deron, making sure your images still appear in feed readers is a good point, and one that Lorissa brought up when she couldn’t see mine in Bloglines. I added to the ‘whitelist’ in my .htaccess file, and we’re good to go.

    Matt, you’re right. I guess that if someone really wants to use your images, there’s nothing to stop them. I don’t mind so much if people take my images and host them on their own servers, it’s just the using my bandwidth issue that makes it worse.

    Jon, thanks for dropping in, and good luck with your own .htaccess file.

    Mark, it does use my bandwidth when people show my custom image. If they’re going to steal images, better to turn them into a self-promoting ad. I’ve linked to the CommentLuv plugin above (the one you asked about).

    Jacob, nice insight, thanks. I’ll have to check-out those plugins. I’m not using any at the min.

  34. David,

    A more interesting approach to this would be to redirect to a PHP/ASP page that logs the referer (i.e. the page requesting the image) in a database and then redirects to your .jpe image.

    This way you’re not only showing your ‘stolen from’ image on their website, but also finding out WHO is hot linking to your images.

  35. David,

    Great article as ever. No sooner had I read it (and decided it would never happen to me) I was the victim of content theft! Thanks for the article, I’ve now taken steps. Just goes to show a site of any size could be the target of scrapers.



  36. …just a note David, your blog post (where the images were hotlinked) ‘top 50 graphic design blogs ” started with Veerle’s Blog PR8 …that blog is now PR7, so there should be not PR8 section at all unfortunately :(

  37. Mmmmm htaccess is one area were I really should pay more attention to. I think I will definately use this for a website I am creating at the moment.

    btw I do think the love david airey updated image is a better and nicer one to use

  38. That’s awesome! I don’t know if anyone is actually stealing images of mine, but I’m going to do this right away. Just have to fire up Photoshop and make an image lol. Thanks for the great advice David!

  39. Thanks David and Jacob.

    I’m not sure why Business of Design online isn’t showing up here. When I went to get the plugin, I typed the url into their form and it worked.

    There have been SO many new plugins written since I started DWB. But, what to pick, lah?

    I am checking out how to have php inside a post so if you have any tips for that, please feel free as my feeble attempts are not working (I’m taking the blogroll off and putting it into its own page).

    And of course I’ll use your advice at Business of Design online as we have a similar problem with copy (just not as bad as what you have here).

  40. David, pretty please, could you edit out the link to DWB’s play version in my last post? I tried to, but didn’t get back here on time. I keep forgetting that blog comments are not email :-D

  41. YIKES! I’d better go and check out the images on my site. I’d really hate to give you any free link love =P

    Seriously, I think this is a very clever way to avoid theft. I’ve noticed that Top 50 blog design-related posts are very often stolen. I did however also notice that one blogger asked for permission first.

  42. Wow…
    He still hasn’t changed it.

    As for me, I haven’t done it yet – but I shall soon.
    I’m gonna say something along the lines, “Hey, don’t steal my bandwidth!” and then my blog’s URL.

    But I am curious about how it would effect Google rankings…

  43. On the bandwidth issue, you should actually be able to save some – simply make your substitute image an 8-colour gif or some such. This will only be a few kilobytes whereas the images they might be trying to nick could be much much larger.

    You take it to it’s natural conclusing by making it a 1px square dot

  44. Could you be even dirtier on this and refer to a dynamic page (PHP, .NET) that includes a 302 redirect in the response?

    This way you could actually redirect the user to a page on your website?

  45. This is certainly something I’m going to implement. Thanks, David.Now, how about a post on ‘whole post theft prevention’ :)
    Love that ‘take Ctrl’ image, BTW. One of yours?

  46. David, very nice post and something I am going to implement for my wife’s recipe blog where she posts a lot of pictures. I have already noticed a few places hotlinking to her pictures and this will be a great deterrent!

    Also, about totally saving bandwidth, I wonder if you could redirect to a picture hosted say at Flickr or Photobucket!


  47. I left a comment on his blog!

    As an aside, I have hot-linked images in the past when I have been too lazy to upload it to my own server. I would only do that to “big” websites – not small bloggers. Of course that is a similar argument to saying it’s ok to shop-lift from a supermarket but not a independent shop (not that I do either – *ahem*!!). I have also been hotlinked from. A comment on their blog sorted that out.

    One friend who had an image hotlinked did then just change his own code to point at something else, then changed the original image, with the same filename to, well, let’s just say… something quite revolting.

    To copy an entire post, well, asides from anything else, it is copyright infringement!

  48. I left a comment over on the offending blog.


    And I also asked him to stop using that blog style, as it’s the same one I use, and he’s/she’s making it look bad.

  49. I couldn’t help a smile, David. I was writing about this very thing in my SEO book yesterday and today I find it on your site. :) I like the image you created for this purpose – great idea. It makes me want to steal your pics. LOL.

  50. Hi everyone, sorry I couldn’t reply sooner, or more personally.

    I’ve been busy putting some content on my new blog, Logo Design Love.

    The image at the top of this blog post was found on The Diplomat (I linked to their site at the foot of the blog post). Pretty fitting eh?

    The author of the blog where my 50 design blog article was copied has responded, apologising, and has now removed all the offending images. It’s a shame really, as I quite liked having ‘I love David’ all over his site. ;)

    Thanks for all your comments, and glad this post was of interest.

  51. hey, quick question… does this effect images in google images by any chance… since those are in a frame? I don’t want to block images there.

  52. Don’t forget the infamous:

    On one of the old sites that I used to own, someone was repeatedly stealing my images and one day I decided to end it once and for all.

    Uploaded the pic and hillarity ensued.

    Needless to say the theft stopped the very next day :P

  53. I definitely like the friendlier image – there could be people trying to promote you using your images, not just stealing or promoting themselves.

    Did you have a way to see your images get stolen (e.g. stats) or was it only by chance/people telling you?

  54. Joe,

    I mentioned above how you can whitelist specific websites. Do that for Google and you should be fine.


    You’re right about people unwittingly hotlinking, and promoting me at the same time. It’s not right to label them thieves.

    I found out by people telling me (it was happening more and more frequently, so I knew it was best to look into it further).

  55. David this very fresh and welcome information. I’m not bothered about our baldchemist site but our clients have very peculiar content that I know has been nicked by others in the same branch.
    I actually encourage young up and coming designers and marketers in particular to take what they want for free from No credit required.
    But NOT our clients content.
    The reason being that what the thieves take is old stuff anyway and we are continually creating new and fresh stuff.
    However, Thanks a million for this. We are now implementing the coding on all our clients sites.
    Keep strong. Get as much joy as you can every day. Nice one.
    The Baldchemist.

  56. As an artist, I sometimes find images of mine on other sites, even though I have a “no hotlinking/copying” and copyright notice at the top of my site pages. It’s flattering that they like my art, but sales and licensing are what put food on my table.

    Most of my images are already watermarked, and I will also implement the code you’ve described here – superb stuff! I had been going through each hotlinked image and renaming it, and also replacing it with an alternate image (smaller, less bandwidth) for each time this occurred. Your code will do all the work for me now! Woohoo! What a time-saver!

    I’d like to implement a “no cache” script, too, but if folks have javascript disabled, that won’t help me. If someone really wants an image, they will find a way to get it – so watermarks are a good thing to use.

    As always, you ROCK! :)

  57. Ray,

    I’m glad you found the info of use. I can see how your clients would appreciate you implementing the code for them.


    Great that this will save you a lot of time, and thanks for the kind words.

  58. Dagnabbit, I was soooo excited to try this out! But after I got my .htaccess file and my replacement image ready to upload, I was dismayed to find that my hosting service does not allow .htaccess files!
    Grrrr…I guess it’s back to replacing hotlinked images with a replacement one by one by one. *sigh*
    Keep up the superb work David!

  59. I began blogging about 6 months ago, and actually “stole” logo images hosted on others sites at first instead of simply copying them and hosting them myself, just because it was one extra step that I had to take.

    I didn’t realize that it was really a big deal, stealing bandwidth from those hosting the sites. Until an image began appearing on my site…of Shrek and Donkey and the words “I thought we were friends! Stop stealing my bandwidth!” I immediately removed it, and realized it was not simply “no big deal.” I have since to “steal” and images and bandwidth.

    Great post, a great way to battle these thieves, as well as let casual bloggers that this is a no no in the blogging world.

  60. Erica,

    Glad to read you’ve learned a little about blog etiquette here. Thanks for commenting.


    Perhaps if you post the code in your .htaccess file, someone will understand the problem. I’ll certainly take a look, but I’m no expert.

  61. Hi David Airey
    Thanks for replying to my request for help. I’m very grateful for your response. I posted the code from my .htaccess file for you to check out. Thanks a boatload!
    I’ll be checking out this great website of yours all day. I’ve a great deal to learn and your website is totally inspiring. I promise not to bother you for help endlessly.

    Options +FollowSymLinks

    RewriteBase /

    RewriteCond %{SCRIPT_FILENAME} -f [OR]
    RewriteCond %{SCRIPT_FILENAME} -d [OR]
    RewriteCond %{ENV:REDIRECT_STATUS} !^$

    RewriteRule .* – [L]
    RewriteRule ^sitemap.xml sitemap.php [QSA,L]
    RewriteRule ^install.php install.php [QSA,L]
    RewriteRule ^search/([^/]+)?$ index.php?mainCat=search&q=$1 [QSA,L]
    RewriteRule ^([^/]+)/([^/]+)?$ index.php?mainCat=$1&subCat=$2 [QSA,L]
    RewriteRule ^([^/]+)?$ index.php?mainCat=$1 [QSA,L]

    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?artbeat\.name/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !google\. [NC]
    RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
    RewriteCond %{HTTP_REFERER} !msn\. [NC]
    RewriteCond %{HTTP_REFERER} !yahoo\. [NC]
    RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /images/nohotlink.jpe [L]

  62. Having looked at your .htaccess file, Diane, the only thing I can guess is how you have an uncommon domain (the .name). I’m not 100% sure, but I think I was having some issues with this hotlink fix on my site.

    Thanks very much for the compliment on my website by the way.

  63. Nice tutorial… very nice.
    Alot of users are surprised to find what can be done with htaccess

    On the earlier discussed topic of bandwidth usage on your images… there is always the option of back tracking usage of the leech image with analytics, lad vampiring the offending sites and scrambling your leech image urls.

    But this is only useful if they using a hosted blog CMS or a their own site. Anyone with an unlimited bandwidth blog would be completely unaware of your retaliation.

  64. Thank you for this! I’ve tried a few other .htaccess suggestions for disabling hotlinking and none seemed to work. This worked great. It’s quite humorous to see your no hotlinking image show up on other people’s website. Thanks for the well-written article.

  65. Hi, sorry to double comment. I just implemented this and I was told from one of my web-based feed readers that he gets the “blocked image” replacing the posts images. I suppose the only way to overcome this would be to manually enter in the URL into the htaccess of each web based reader. Correct? Would this deter your from keeping the hotlink protection?

  66. John, no worries about the double comment. You ask a great question about blocking feed readers. I covered the main ones in my .htaccess file (Google, Bloglines etc.) but found that some subscribers were using readers I’d never heard of before. It’s certainly a deterrent.

  67. John, I had that problem with David’s feed. The images were blocked (or actually replaced) in my feed reader. Suddenly the posts didn’t make sense because the images were used as examples. However, I figured out it wasn’t right and asked David about it. I knew he would want me and others to read his feed properly. It turned out that he just needed to add a line to the htaccess.

    Perhaps you could put a message in your replacement images, or at the bottom of you RSS feed, that if things don’t look right the reader should email you so you can give them access. Might be a non-confusing way to deal with the issue?

  68. This is great info, I have learned a lot here.
    I only wish someone would steal my bandwidth/images as this would indicate I had more readership!

  69. I’ve just been doing some hotlink prevention myself. However, I’ve avoided the htaccess method because I don’t want to block any search engines. Whitelisting those few is OK, but what about any new ones that come online? You never know when the killer image search site will launch, and you won’t be listed in there. What about Picsearch?

    For the moment, I’m just moving affected images, and anyone who requests the old image will get an advert for my site. Doing it this way is also more fun – if you use htaccess to block, it’s likely the hotlinker will notice straight away and steal someone else’s image instead. If you block the image later, your advert could be on their site for a long time!

  70. Hi David,

    Great post. I wrote about the same issue just a couple days after you wrote this but I didn’t have the knowledge you do. I wish I had found this post back then. I had a site that was hot linking to an image that I no longer used and I simply changed the image but your solution works for all images.

    I also wish I had thought to take a screen print of the offending website like you did rather than link to the pages. They have removed the images so I guess it worked.

    Thanks, Brian

  71. Hey, I kept seeing my images in other peoples ads on craigs list so I used your trick. Worked well. I refreshed their ad after and I don’t think they will like what they see. But the above post about backlinking sounds cool. I’m gonna go check that out now.

    Anyway, thanks for the code.

  72. THANK YOU. Thank you, thank you, thank you.

    Thank you again.

    And thank you for updating it to allow robots, too.

    Did I say thanks?

    Thanks, David.

  73. It’s always good to educate people on why hotlinking is not nice. Unfortunately, it will be hard to reach enough people. I used to have a terrible time with myspacer’s hotlinking my images until I started using a similar technique to the one you outline here. Myspace teeny-boppers can chew up bandwidth in a hurry.

  74. Hi David
    I would like to be able to tell if my images are being ‘taken’. Is there a way to tell, by bandwidth of visitor? Or some other way. I want to know if images are being scraped, for the purpose of printing as well as for publishing on a website, with the bandwidth usage issue.
    I use aswats, webalizer, google anayltics and webmaster to get my stats. I would just like to know how to read which part of those stats analyzers to look at to see if image theft is occurring.
    Thanks very much

  75. Cool, that’s the way to do it. This post went right in my favorites. One time I manually changed an image, because several sites were hotlinking, and you can’t imagine the traffic that gave me.

  76. I see you have gone over images but is there anyway
    to stop people from downloading music from my website?
    I want people to hear it but not steal it.

    Any ideas?


  77. You can use a method similar to that above to stop people linking to your music from their site. The concern is people using your content on their site, but forcing you to incur the bandwidth costs.

    The issue of streaming/downloading is quite different. In short, no, there isn’t a way to stop people downloading the music. You can use some sort of method to obfuscate the stream URL – lots of sites use Flash-based players to do this. That will stop most people. But a determined person will always be able to save your content, ultimately by taking the output from the soundcard and re-saving it.

  78. David,

    I just rec’d your latest subscription post and it was just full of information I need.

    As far as the hot linking issue, I think your final solution was the best. I did see one person who had put 2 men having sex and something like “I am f*cking with [blog name]’s bandwidth.” Tasteless, but funny.

    I see you used .jpe for your file type on the image. Is this just another way to put .jpg or .jpeg? I have never seen this.

    Thanks so much for the images in comments code. I had never thought about doing this. I am going to try it on Blogspot and see what happens.

    All the best.

  79. CyberCelt,

    The reason for using .jpe is so the image isn’t blocked along with all the .jpg files. I also had never seen this method before giving the hotlinking block a try.

    Best of luck with Blogspot. Hope it works out for you.

  80. Hi, David. I tried to use some of your htaccess code but it seems still blocking google images to index my blog images. And the my blog cache in google is disappear too. I wonder if I have done something wrong?

    My HTACCESS codes is as follow:

    Options +FollowSymLinks
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^
    RewriteRule (.*)$1 [R=301,L]
    RewriteCond %{THE_REQUEST} ^[A-Z]{3,9} /index.php HTTP/
    RewriteRule ^index.php$ [R=301,L]

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^https?://(www.)?$|/) [NC]
    RewriteCond %{HTTP_REFERER} !^https?://(www.)?$|/) [NC]
    RewriteCond %{HTTP_REFERER} !^https?://(www.)?$|/) [NC]
    RewriteCond %{HTTP_REFERER} !google. [NC]
    RewriteCond %{HTTP_REFERER} !search?q=cache [NC]
    RewriteCond %{HTTP_REFERER} !msn. [NC]
    RewriteCond %{HTTP_REFERER} !yahoo. [NC]
    RewriteRule .(gif|jpg|jpeg|png|mp3|mpg|avi|mov)$ – [F,NC]

    Please help me if you spot something wrong there. Thanks in advance.

  81. I found a russian website using images directly from my server. Then I found out how to redirect – and redirected them to a particularly graphic image of two men kissing.

    So yeah if someone tries to steal my images they magically find softcore gay porn on their site.

  82. Speaking of myspace users. There is one solution I came across that really amused me. Instead of redirecting to some tacky image, which as the poster mentioned most MySpace profiles would probably look “good” with (in their own eyes anyway), he redirected them to the MySpace logout page. as such, anyone visiting the offending profile would be logged out automatically. I’m not sure of the original, but there is an example here that does the same thing:

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} ^http://([a-z0-9]+\.)?myspace\.com/ [NC]
    RewriteRule \.jpg$ [R]

    Good luck confusing the image stealers :)

  83. I’ve had a lot of people stealing my images lately, I sometimes wanted to change them to rude and indecent images, just because i thought that would be hilarious (if not a little immature!)

    I think i’ll use the same kind of image as you settled for though, thanks for the help with this!

  84. @ David,

    Is there any solution , to block direct hotlink and allowed thumbnail posting ( which obvious needs a link back to see larger version ) ??

    Do let me know if any one know because its very important for me as my site has lot of images of celebrities.


  85. @Vivek, I guess you can do something a bit like this. If you host separate thumbnails on your site, e.g. in a thumbnail folder, you can set the htaccess to block them, and to redirect requests for larger images to the thumbnails. However, you can’t make it into a link unless the “thief” uses a link himself, and even then, it’s pretty much impossible to differentiate between a hotlinked image and a link as both will have the offending site as a referrer.

    The best thing is if you read the documentation on htaccess and learn to tailor it to your needs. This article (linked from a link David gives) is also quite useful:

  86. Thanks Jonathan for fast reply ,

    Your suggestion is good but i think ( Correct if wrong )

    I have to upload thumbnails in different folder , right now , thumbnails created automatic with flexi-upload plugin and stores in same folder.

    or is there any tool which can create thumbnails and store thumbnails in different folder and store full image in uploads folder ??

    I have just started using wordpress , so not aware about many plugins , so if it is there do let me know

  87. You should be able to use whatever prefix or suffix is added to the thumbnail filenames instead of a directory name, as long as the base name is the same, e.g. if you image is car.jpg and the thumbnail is car_thumb.jpg
    Either way, you need to understand how to edit htaccess, which can be a bit of a black art!

  88. Ok Jonathan , let me try out. But from the understanding , I must have two different folder ( one for thumbnail and one for full image ) to use this kind of customization.

    The other option i think :

    download those thumbnails then upload it to free host then link ( I am going to post those thumbnails with link – to get exposer to my site :p ) i think it will work nice instead of using two dif. folders . :p

    meanwhile i will continue to work on getting complete solution to this problem

  89. Vivek, you don’t need them in different folders. Pattern matching in the htaccess file can apply to parts of filenames just as easily as to directory names. thumbnail/mypic.jpg or mypic_thumbnail.jpg – what’s the difference?

  90. Hi David, I have a lot of problems with the majority of my page views just come from people who find pics in Google Image Search and steal them. I use all my photos legally, and I would love to do what you did with yours. However, I am basically just a blogger and don’t have much grasp on how you did what you did. Is there any way I can just talk you into doing something like that for me or putting it in kindergarten terms? Wonderful, wonderful site you have.



  91. Hi Jessica,

    Every website should have a .htaccess file. If you can’t find yours, you should search online for terms such as ‘create htaccess file’ or ‘help htaccess file’. Something like that.

    You can create one using Notepad, and simply upload it to your main web directory folder.

    Thanks for the compliment!

  92. I have to say, I’d advise against anyone editing their .htaccess unless they really know what they are doing. It’s really easy to get it wrong. I never edit my live htaccess directly, but always test it on a local web server first – and it’s never right first time! A mistake could potentially make your entire website inaccessible. Possibly worse is that it could appear to work, but your content may start to disappear from Google, losing most of your traffic. I’d also add that some ISPs don’t allow custom htaccess files.

  93. Oh, really? Oh no! SOS! I changed my .htaccess, but nothing happened regarding my photos, and everything seems to be working fine…any people who love technical stuff like this and have nothing else to do? I’ll happily let someone take a look! I’m pretty scared now. :)

  94. Okay, let me just run by you guys what I have done and you can tell me why it’s not working.

    Here is what my .htacess looks like (I saved the original in case this is wrong):

    # BEGIN WordPress

    RewriteEngine On

    RewriteBase /

    RewriteCond %{REQUEST_FILENAME} !-f

    RewriteCond %{REQUEST_FILENAME} !-d

    RewriteRule . /index.php [L]

    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?

    gravyandbiscuits\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !google\. [NC]
    RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
    RewriteCond %{HTTP_REFERER} !msn\. [NC]
    RewriteCond %{HTTP_REFERER} !yahoo\. [NC]
    RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /wp-

    content/images/nohotlink.jpe [L]
    # END WordPress

    And then, I made a photo, titled it nohotlink.jpe and put it into every conceivable folder that might be labeled “images”. Still not working. :-( Don’t you hate novices like me?

  95. Your nohotlink.jpe should be in /wp-content/images/ only. You don’t need it anywhere else. It seems to be working anyway – I’ve just tested it by linking to one of your images from my site. The image will be in your browser’s cache, so you need to clear the cache or refresh the page (ctrl-refresh) to see the nohotlink image.

  96. Thank you Jonathan. I had it almost working for a minute there, but then all of my photos turned into “I Heart Gravy and Biscuits” photos. So, I tried to redo it again. I don’t have a wp-content/images/ folder, so I tried changing it to /uploads/, which was what I have, killed my whole site, then tried making images folder, didn’t work…I guess I’m going to have to declare fail on this one. Regardless, thanks guys for all the help!

  97. Thank you very much for this tutorial. We’ve been worried about content thieves all these years and yet, nothing much we can do.

  98. I want to banned particular domain from hotlinking, it is continues to hotlink despite my request. One option I have that to imform adsense but not want to do that ( until it needs )

    This tutorial tells to use allowed domain for hotlink, I want to know , is it possible to ban particular domain from Accessing images from my domain ?

  99. Rahul, just miss out the “!” in front of the domain for RewriteCond %{HTTP_REFERER}
    That means the rule only applies to the domain you specify. You won’t need the second RewriteCond in this case.

  100. Thanks Jonathan,

    But I need little help you said to remove “!” which is there before domain name, so I use following code,

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} ^http://(.+\.)?linkzmasti\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule .*\.(jpe?g|gif|bmp|png)$ /uploads/nohotlink1.jpe [L]

    here you can see I remove “!” before culprit domain. It works fine , Images being redirect to desired one. But it also redirect on my own domain. Is there something missing from the code ?

  101. Have you tried refreshing, in case it’s cached? I can’t understand that. You can remove the line ending !^$ I’d also try simplifying your other rule temporarily in case some of the wildcards are catching URLs they shouldn’t.

  102. Bang on Target,

    Thanks Jonathan, Problem seems to have solved. It working fine for me as of now, I can get actual picture tomorrow morning only when i will ask my friends to take a look at pictures and see it working or not. I had removed !^$ (second line) from my code.

    Thanks for helping me out.

  103. Great article – I’m going to use this technique on my blog. A question though: does this technique affect spiders trying to index my images?

  104. Hiya David,
    I found your site whilst browsing WordPress help and plugins. Thanks for explaining the meaning of Hotlinking. I’d seen the term mentioned before and even been frustrated at clicking on an image in Google image search only to be presented with a “No Hotlinking” image instead. Now I can see why it is a big deal. We don’t pay for bandwidth but for those who do it can be a costly thing if they don’t sort out the Hotlinking issue.
    I might pluck up the courage to edit my HTACCESS file (after backing it up first of course) with your code. I’m a newbie at Blog & website editing and last time I made a change to the file, any visitor automatically ended up at our Blog instead of the main site!
    Finally, I’m pleased to see you realise that not all Hotlinkers are intentional thieves. Many are no doubt like I was and have no idea of the hassle they are causing. Hopefully your methods will make them more aware.
    Ah well, all the best with your designing/writing and thanks again for a very helpful and concise article. Cheers. Chris

  105. Jon,

    You can add search engines to your ‘white list’, so their spiders shouldn’t be affected (don’t quote me on that though).


    You’re very welcome for the explanation. I was learning as I compiled this post, and there’s still a lot I don’t know. If you read through some of the questions posed in comments here, you’ll find some excellent answers — the benefits of an incredibly helpful online community.

  106. Great idea, except… what do I do about people who steal my images by cutting and pasting – as in… I caught them hot-linking and they have since made local copies of the images on their webserver.


  107. Peter,

    For best practice, look to stock photography websites. Their business is all about protecting images online, be it by showing thumbnails, placing copyright text over originals, or other means.

  108. Yeah, right. Stop them from hotlinking, then what? They will copy it to their own hosts. Copyright laws might seem fun, but you just can’t bust someone in another country.

  109. If you’re that worried about people using your content, don’t put it online in the first place! Ultimately that’s the only way to stop people copying your images. If they are viewable in the browser, they can be saved and uploaded elsewhere. The only measures you can take are only to upload images in the quality you need (to stop people using them for publication, etc.) and possibly to watermark your images with your name or site URL – you have to weigh up the aesthetics of that too.

  110. I was wondering if there is as way to do this in a hosted blog please? Or must I relocated to my own domain using the WordPress software to make this type of adjustment.

    Please tell me that there is hope for me without too much upheaval.

    Thanks for your time.

  111. This has been very informative. I have just recently went live with my portfolio but wanted to protect my work. I saw another way of way of protecting your images and work through flash but that would require your image gallery or what ever page you have your work shown on to be a flash element.

    I do agree with Jonathan though if you don’t want your work to be used by others you probably should not post it online.

    Thanks for the great post.

  112. Oscar, Jonathan’s spot on. The only way to effectively stop people using your content is to keep it offline.


    It’s been years since I used Perhaps you can change the .htaccess file there, but I’m not sure.

  113. Dealing with hotlinks is a pain, but it can also be great fun…

    In the past someone used a hotlinked image on my site as their profile avatar on a popular forum… trying to remember exactly what I swapped out, but it wasn’t pretty.

    Right now I have a few hotlinkers on my site, but I’ve let them slip by because their traffic is pretty pathetic.

    This is great info, though… if it ever becomes a real problem, I’ll modify my .htaccess file like you describe.

  114. This happens more and more, so its likely I’ll be implementing something similar on a number of sites. Those using a dedicated server can (should) of course do this using httpd.conf files to avoid the (heavy) load that .htaccess puts on busy servers.

  115. Fantastic! Love this, found it whilst looking for information on how to stop hotlinking since I’m writing my first website (for a customer) which contains a bunch of pictures taken by myself, and of course I hope it won’t be the last.

    Thanks also to everyone who posted additional comments with suggestions, this makes for great reading and it’s an invaluable tool for us newbies! :)

    Thanks very much for sharing….

  116. Actually, just realised I won’t be able to use this…… as I won’t have access to the server. Bummer. :-(

  117. John Cardell – read the comments! There’s no way to stop people making a copy of what’s on their screen.

    The solution in the article helps stop people linking directly from their webpages to images which are held on your server (and therefore stealing your bandwidth).

    There’s no way to stop someone copying what’s seen on screen. There’s a few ways to make it slightly more difficult (Javascript, Flash), but they’re easy to get around. If it’s on the screen then it’s stealable.

    If possible, use a watermark – they can be a real bugger to get rid of!

  118. Hey David,

    I have been reading your blog in its entirety for the past three or four days. I have scoured every post and just wanted to let you know that I love it!

    I figured I could add something of use here so here it is… A search engine I came across a couple weeks ago that searches for images around the internet. Except instead of searching for images by words, it searches from the image from an image of reference (if that makes any sense). In other words, you can feed it one of your images and see where its being used around the web.

    I’m not sure how well it might work, but I figure it could be very useful to bloggers trying to find sites linking their images.

    The search engine is called Tin Eye.

    Hopefully it helps someone!

  119. Hi Ian,

    Glad you’re finding something relevant on my blog, and thanks for having a look around. It’s funny, a friend mentioned that website at the weekend (, only he didn’t know the name or address, so thanks! Quite a coincidence.

  120. Hi David,

    While reading through this I created a post on my own blog hot-linking to one of your images to see first hand the result, but it seems your code is not currently working?

    I tried a few images and all displayed correctly. Perhaps you’ve since removed the hot linking prevention code but i thought I’d mention it just in case.


  121. Hi Andrew, I removed the code after learning it was blocking images in the feed readers of subscribers. You can white-list feed addresses, but there are so many different ones I found it easier to ditch the code.

    I’ve been thinking of bringing it back, though, because there are a lot of sites hotlinking from here.

  122. Have you discovered a way at all David, to get some figures on how many sites, or how much bandwidth is being used by other sites?

    I wonder if you can use Google in some way to find them?

    In the same way you use to show google indexed pages withing your own site, I wonder if you can search for your images in this way?

    Time to do some research me thinks.

  123. I don’t quite understand being an about-to-be wordpress newbie. If I post an article that references something you did am I not allowed to post an image of it? Was this person you are speaking trying to display your image as one of their own? I really want to understand this so I don’t end up making the same mistake when I create articles. Thanks :)

  124. Hey David, excellent post i found your post because someone just hotlinked a load of my images, i’ve written a post about it and included some linkbacks to this post.

    Thanks :)


  125. Thanks David for this handy tip! I had several reports of such image theft too and at least find solution here! :)

    However there still be people stealing articles, but at least now it will be a little bit harder them to do it and they will not use my bandwidth at least!

    Thanks again!

  126. I had an image of a sticky note I designed for my site some several versions back. It hit a sweet spot in Google images at the time and I was getting a lot hits to that image, but no hits to the site as a result. Many people were simply pasting a link to the image in their own HTML code without bothering to at least save a copy local and upload it to their server. Granted some people don’t know what their doing, and that is fine – education about these things isn’t automatic. But if you are going to steal an image to use on your own “design” site, at least fully and completely steal it! The only thing worse than a thief is a lazy thief!

  127. Hi David,

    I have quick question.

    In one of my blog i use .htaccess to display a replacement image of the width 400×200 px. And the images on my blog are of different sizes. When these images are copied, say for eg., Image 500×800 px, The replacement image stretches to 500×800 px which makes the warning text blurred.

    How to make the replacement image dimension display as it is ?


  128. I had this problem with an open source software company hotlinking to stylesheet graphic images on a forums website I acquired. I updated the look to a new style, and removed the linked images (which were no longer being used) and replaced them with one that stated “This sofware is infected with viruses” in flashing yellow text on a red background. Amazing how quickly those came down.

  129. Great article David, I just recently implemented this among some other “features” to someone who ripped my entire site. He was also hotlinking to my js files, so instead of adding them to the htaccess rules, I decided to modify them instead (added an alert window notifying of the site being stolen) Not sure when he will fix it, but it is still messed up as of today.

  130. Hello David. I wondered where the heck you had gone! I haven’t seen your stuff floating around for a while.

    But if I may ask, I want to seperate my blog from our company website. Totally different! But wish to link the two sites.

    Any suggestions as to what/which is the best method? Would welcome any suggestion. I write a new post just about every three/four days. Mostly without pictures but would like to include them. I won’t put my address up here, I’m not making some attempt to “pinch” visitors.

  131. Hello Ray.

    Your best bet is probably to create a sub-directory for your blog, so the main website is in the root directory (i.e., with the blog in a sub (i.e.,

    That’s how I started on, but I eventually decided it was best to move the blog to the root, as it’s the most popular section of the site.

    Whatever you decide, it’s very important that you stick to your decision for the long haul. I lost out on a lot of work when moving my web files around. I’m glad I moved, but it was hassle.

  132. You’re an absolute gem David. You’re so right about “sticking to it”. Consistency pays off. Folk want to know what to expect and jumping from one thing to another leaves the punters wondering !
    Take good car enow and get as much joy as you can every day.

  133. If you do ever move your site around, remember to edit your htaccess to provide 301 permanent redirects from the old URLs to the new. That means no links to the site are broken, search engines update quickly with no loss of pagerank, and everyone find what they are looking for. It’s amazing how many professionals fail to do this, and how many sites of large corporations are broken in this way.

  134. It’s similar to the technique used in this post. For example, to redirect from a blog subdirectory to the root, you could use something like:

    RewriteRule ^blog(.*)$1 [R=301,L]

    Single page moves can be done more simply without wildcards.

  135. What a fabulous bunch of people you have here David! All thanks to the way you look after and keep us informed.

    As you may be aware my specialities are elsewhere so I welcome the responses.
    (although nothing directly to do with the original subject).

    Jonathan, many thanks. If I can help you in any way …shout!

  136. What if you are working your blog off of Wetpaint or WordPress and your site url is

    Does this change this code?

    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?davidairey\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !google\. [NC]
    RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
    RewriteCond %{HTTP_REFERER} !msn\. [NC]
    RewriteCond %{HTTP_REFERER} !yahoo\. [NC]
    RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /images/nohotlink.jpe [L]

  137. Also, what if my host doesn’t take .jpe what do i do?

    P.S. I fixed my first problem all i had to do is put another backward slash in.

    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?davidairey\.wordpress\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !google\. [NC]
    RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
    RewriteCond %{HTTP_REFERER} !msn\. [NC]
    RewriteCond %{HTTP_REFERER} !yahoo\. [NC]
    RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /images/nohotlink.jpe [L]

  138. Buzzard267,
    I think there is no “jpe”. It is probably a typo. intended to be jpg. (could be anything)
    RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /images/nohotlink.jpe [L]
    Also, jpe?g means jpeg or jpg which means the final jpg, after png, is redundant.
    that confusion seems to indicate that the line would be clearer if written as
    RewriteRule .*\.(jpg|jpeg|gif|bmp|png)$ /images/nohotlink.jpg [L]

    IT was a good laugh, what Lisa did, after she asked them, to stop and they didn’t. An option I thought of was to make my image an advertisement for my site. Nothing like free advertising!
    RewriteRule .*\.(jpg|jpeg|gif|bmp|png)$ /images/myadvertisement.gif [L]
    or whatever … any name you want, of any image type you want.
    make the image the name of your site, big enough that if it gets stretched, it is still readable.

  139. Really, *.jpe is NOT a typo?
    i scanned this page for “jpe” and found your note:
    “Notice the file extension .jpe – this is because .jpeg and .jpg files are now blocked from appearing on third party websites,”

    Oh, so that is why my advertisement.gif did not show up on my attempt!

  140. The proper thing to do is make an exception for you (advertisement?) image:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC]
    RewriteCond %{REQUEST_URI} !^/images/my-advertisement.jpg$
    RewriteRule \.(bmp|tif|gif|jpg|jpeg|png)$ /images/my-advertisement.jpg [R,L]

    However, if you have images in you web site that do not use relative or even absolute url’s, but exteral url’s, … like

    Then, they may get replaced with your ad also. wordpress loves to do that and you may find that now is the time to “fix” wordpress. and global “search and replace” out all the (non-portable) headaches.

    It is something to watch out for.

  141. Very interesting to read about the “non-portable headaches,” Greg. I mainly use absolute URLs (if that means using the entire http to .jpg code. Maybe that’s why I was having issues with the replacement image showing on my WordPress blog(s) from time to time.

  142. I am using the following code
    #Stop Image Hotlinking
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)? [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !google. [NC]
    RewriteCond %{HTTP_REFERER} !search?q=cache [NC]
    RewriteCond %{HTTP_REFERER} !msn. [NC]
    RewriteCond %{HTTP_REFERER} !yahoo. [NC]
    RewriteRule .*\.(jpe?g|gif|bmp|png)$ – [F]

    Its strange that the image is not hotlinking on IE but on firefox it loads, what exactly is the problem ?

  143. Just found this article. Love your image. Can I do something similar and “Steel” your idea? Thanks for hint.

  144. I really wish I understood 1/2 of what you wrote. I’m just a simple blogger wondering how to find out if any of my pictures have been stolen and are being used elsewhere. Is there a way to do that?

  145. only just discovered this as a problem when my bandwidth shot up. cheers for posting code, i’ve just gone with the first as i hadn’t read the rest here, will now investigate further. i don’t really mind people nicking images for some things, we’ve all done it at some point i’d bet, just wish they’d do it properly and not steal my bandwidth, that’s just rude.

  146. hi, i tried the hotlink code but it was not working as what i thought! all pictures in my website is replaced by nohotlink.jpe that i uploaded in my remote images folder: so images/nohotlink.jpe

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC]
    RewriteRule \.(bmp|tif|gif|jpg|jpeg|png)$ /images/nohotlink.jpe [R,L]

    could you teach and help how to set the properly hotlink protection.

    i have two htaccess fil in root directory @ .htaccess and @.htaccess.bak (if i delete .htaccess.bak, my website error 500)
    my hosting is linux at

    i got hotlinking from other website server which load my bandwidth such this website:

  147. Hey David and others. I am sorry to say that I have copied an image url (from your site) from Google Images. I tested it and hotlinking worked. Here is the link on one of my students’ website.
    damn Search Engines (Google Images) are still showing full urls of image paths.
    I will remove the image as soon as you check it and will also try to find a solution for this, and post it here as well. If anyone else finds a way out, please let us know.

  148. Hello Tawheed, I removed the code from my htaccess file after some people told me my images weren’t showing in their feed readers. As there are a lot of different readers available I thought it’d be more trouble than it was worth keeping the code intact.

  149. Hi David, thanks for you time. I removed the link but its silly how search engines hold us for ransom. After all these years and they still don’t come up with a solution while they can.
    Anyways, i guess the better option in this scenario is to watermark the images.
    All the best.

  150. Listing in search engines has no bearing on whether images are easy to hotlink or not. It’s always possible to find the path of images. The vast majority of visitors to my site come via Google images searches. Block search engines if you like, but don’t expect to have many visitors afterwards.

  151. David,

    Thanks for the details to aid diagnosis, and the clear solution you provide. Our Irish Film series, Cine Gael, here in Montreal will be implementing this at our website.

    Thanks – Antoine

  152. Hi! Love this post, but I need to ask one question. Usually when you share on social media, like facebook et. al., a cropped version of your image is being used either as a thumbnail or preview image. Will this htaccess file prevent sites from doing so?

    Thanks in advance for your response.

Leave a Reply

Your email address will not be published. Required fields are marked *