Overview
This article explains how to use an .htaccess file to prevent images from being hotlinked from a different website.
Background
Hotlinking (or bandwidth stealing) is a common problem. It happens when people link to files and images on a different server and display them on their own website, using the bandwidth of the original owner at their expense.
Preventing hotlinking in the panel
If you don't wish to take the manual approach, you can prevent hotlinking by enabling it in the panel on the Htaccess/WebDAV page. Click on your domain and proceed with the steps to enable this feature.
Preventing hotlinking with an .htaccess file
The following sections walk you through creating and editing an .htaccess file to protect your website's content.
Create an .htaccess file
See this article for instructions on creating an .htaccess file on your web server. If the file already exists, view the following articles for instructions on how to update it (depending on if you're using an FTP client or SSH):
The examples below can be entered into your .htaccess file exactly as shown. Only if the example contains highlighted code should you change that to your actual URL or file name.
Add code to your .htaccess file
Redirect to an image of your choice
-
This example causes any hotlinked image to redirect to an image of your choice explaining that hotlinking is disabled on your server.
RewriteEngine On RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^https://(www\.)?example.com/.*$ [NC] RewriteRule \.(gif|jpg)$ https://www.example.com/hotlink.gif [R,L]
Block specific domains
-
This example fails to load a hotlinked file on the third-party site but does not throw an error.
RewriteEngine On RewriteCond %{HTTP_REFERER} ^https://(www\.)?example\.com(/.*)*$ [NC,OR] RewriteRule \.(jpeg|JPEG|jpe|JPE|jpg|JPG|gif|GIF|png|PNG|mng|MNG)$ - [F]To protect other resources, such as video and audio files, add additional extensions to the RewriteRule parentheses block.
Allow only specific domains
-
This example only allows specific sites to load content. For example, the following code allows only example.com and dreamhost.com to load the content. All other sites attempting to request any resource fail to load the resource, but no errors are thrown:
RewriteEngine On RewriteCond %{HTTP_REFERER} !^https://(www\.)?dreamhost\.com(/.*)*$ [NC] RewriteCond %{HTTP_REFERER} !^https://(www\.)?example\.com(/.*)*$ [NC] RewriteCond %{HTTP_REFERER} !^$ RewriteRule \.(jpeg|gif|png)$ - [F]
For further examples of how to block traffic by IP or domain, see the denying access article.