Have people been stealing images from your websites? Well, there are not so many interesting images in this site so I don’t really have that problem. You can add a watermark to your image, but I guess everyone knows that.
Another form of image theft also involves bandwidth theft. It’s has many names – hotlink, inline linking, leeching, and many others. As many of us uses shared hosting and we have limited bandwidth, it will eventually reach the barrier if bandwidth is being stolen from other sites.
I have 1.5TB monthly bandwidth limitation, but I still don’t agree to people stealing my bandwidth by hotlinking images especially since I host quite a number of sites in this account. On Apache hosting it’s easy to prevent hotlinking by utilizing .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yourdomain\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /nohotlink.pne [L] |
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yourdomain\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /nohotlink.pne [L]
WordPress users can add the above lines before the WordPress rewrite rule:
What the configuration does is check whether HTTP_REFERER to match the specified domain, or if it’s empty (direct calls, for example). If not empty and unmatched it sends the content of file /nohotlink.pne to the browser. Why? Because when images are loaded with the <img tags the referrer is the page calling the image. You can also define a nonexistent image so that a broken icon is displayed on the hotlinker’s site, or better still replace the last line with:
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F] |
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]
My implementation will cause the image to be replaced with:
By the way the hotlink protection image is named with the .pne extension to prevent an infinite rewrite to occur. You can also use other image formats, and any other extensions. Some fussy browser might not display it correctly but who cares, the point is to prevent people from hotlinking, isn’t it?
Try it out yourself. Good luck!