HideIPVPN
RSS Feed Click to Subscribe!

How to stop WordPress hotlinking using .htaccess

There are some spammers, mainly in the adult business, who take some of the highest ranked Google images and then hotlink to them in order to get your website traffic,if you have limited hosting account bandwidth or you do not want anyone to hotlink to any of your WordPress images, here is what to do to stop it.

Go to your webhosting account and edit your .htaccess file (create it if it does’nt exist),  add these lines (RewriteEngine will typically be already set to on if you have a WordPress blog, you will then omit this line, do not write it twice):

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ http://www.privacydusk.com/wp-content/uploads/2011/10/Stop-hotlink-warning.jpg [NC,R,L]

That is it! The most important part is to get yourdomain.com right, if you do not do this you will see the nasty image (stop hotlinking) served by anything you specified.

To whitelist search engines, or a site you own, and let them hotlink to your images, you should add these lines to your .htaccess file:

RewriteCond %{HTTP_REFERER} !^$

Stop hotlinking warning message
Stop hotlinking warning message

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.de [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.nl [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.co.uk [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.es [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.ca [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.co.uk [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.de [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.ca [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.ca [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.de [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yahoo.co.uk [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?ask.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$  http://www.privacydusk.com/wp-content/uploads/2011/10/Stop-hotlink-warning.jpg [NC,R,L]

Stop hotlinking .htaccess code explained

RewriteCond %{HTTP_REFERER} !^$ > Allow blank referrers (recommended). Some users surf under firewall and they do not provide any referrers, disallowing blank referrers will block them from accessing these images, but if you still want to do that simply delete this line.

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC] > Site allowed to link your images, if you do not add your domain here you will be blocking your own blog from displaying the images, you can add Google and Bing here so that they can still link to the images.

RewriteRule \.(jpg|jpeg|png|gif)$ http://www.privacydusk.com/wp-content/uploads/2011/10/Stop-hotlink-warning.jpg [NC,R,L]  > In between the () are type of files you want to block from hotlinking, you can also add .css and other extensions like .bmp. To add more seperate them with”|”.

Change ‘ http://www.privacydusk.com/wp-content/uploads/2011/10/Stop-hotlink-warning.jpg [NC,R,L] ‘ to your own message, whenever image hotlinking is detected this image will show up. It will be better if you host the image somewhere else outside from your own webhost. 

Warning: Make sure the image you are serving is not hotlink protected or your server can go into an endless loop.

Other ways to protect image hotlinking

You can turn on hotlink protection at your CPanel webhosting account, to use cPanel to stop image hotlinking go to the “Security” section and choose > Hotlink protection, you will have to enable it first and then enter the redirect URL you want hotlinkers to go to.

There is a WordPress plugin to display the image of your choice in hotlinked photos: WP-PICShield

To test if  hotlink protection is working on your site visit this online hotlink checker 

Add a Comment

Your email address will not be published. Required fields are marked *