Recently, I was checking out my traffic logs and I noticed that there was another site that was hotlinking some of my images (actually, this blogger had copy/pasted the entire content of my posts) and, because I don’t like people to steal my bandwidth (or money), I edited my existing .htaccess file to prevent this theft!
There are thousands of sites on the Internet that explain what an .htaccess file does, so I won’t get into it here. If you want to learn more, perform a Google search for .htaccess.
How to Create an .htaccess file
- Create a new file in your favorite text editor and save it, without a name, with the extension: .htaccess
- If you are a WordPress user and have turned on mod_rewrite for permalinks, then WordPress should have inserted the following code in the .htaccess file that is on your server:

    # BEGIN WordPress
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # END WordPress

- Now, in order to prevent hotlinking, enter the following code:

    Options +FollowSymlinks
    # Protect Hotlinking
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?YOURURL\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule .*\.(jpe?g|gif|bmp|png|zip|rar)$ http://YOURURL.com/PATH/TO/REPLACEMENT/IMAGE [L]

Explanation of Code
Here are the variables that you will need to change in order to protect your files:
Line 4: You will need to replace YOURURL with your site’s URL. As you can see, the code already has “http”, so you only need to enter the URL. For example, for my site, I would have entered:
samanathon.com
Line 6: This line specifies the file types to be blocked from hotlinking and allows you to specify a file that will be served in their place when hotlinking occurs. If someone hotlinks a file, it will be replaced with the file that you specify here.
An issue that you need to be aware of is that we’ve just told the server to block all hotlinks with those extensions, so your replacement image needs to have an extension that is not listed on this line of code. If your replacement file is an image (which it should be), simply give the file a different extension. For example, my replacement image is a .png file; this is the file:
http://samanathon.com/images/hotlinking.pn
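The hotlinking rules and the replacement-file caveat above, modelled as an added Python example (not code from the original post). example.com, other.test and the sample paths are constructed stand-ins for YOURURL and real requests, and the model assumes the browser sends the same Referer on the redirected request.

```python
import re

SITE = "example.com"  # assumed stand-in for YOURURL.com

# The post's two RewriteCond patterns and its RewriteRule pattern (dots escaped).
OWN_SITE = re.compile(r"^http://(.+\.)?" + re.escape(SITE) + "/", re.I)  # [NC]
EMPTY = re.compile(r"^$")
PROTECTED = re.compile(r".*\.(jpe?g|gif|bmp|png|zip|rar)$")  # no [NC]: case-sensitive


def decide(path, referer=""):
    """Return 'redirect' if the hotlink rule would fire for this request, else 'serve'."""
    # Both conditions are negated and ANDed: the rule fires only when the
    # Referer is neither a page on the site itself nor empty.
    foreign = not OWN_SITE.search(referer) and not EMPTY.search(referer)
    return "redirect" if foreign and PROTECTED.search(path) else "serve"


def follow(path, referer, replacement, limit=5):
    """Follow redirects to the replacement file; report a loop if they never stop."""
    for hops in range(limit):
        if decide(path, referer) == "serve":
            return ("served", path, hops)
        path = replacement  # assumption: the Referer is unchanged on the retry
    return ("loop", path, limit)


if __name__ == "__main__":
    # Constructed sample requests: (path, Referer header).
    samples = [
        ("/images/photo.jpg", "http://example.com/2008/post/"),
        ("/images/photo.jpg", "http://www.example.com/2008/post/"),
        ("/images/photo.jpg", ""),  # direct visit or Referer stripped
        ("/images/photo.jpg", "http://other.test/copied-post/"),
        ("/images/photo.jpg", "https://example.com/2008/post/"),  # own page over HTTPS
        ("/index.php", "http://other.test/copied-post/"),
    ]
    for path, referer in samples:
        print(f"{decide(path, referer):8}  {path}  Referer={referer!r}")
    # A replacement with an unlisted extension is served; a listed one loops.
    print(follow("/images/photo.jpg", "http://other.test/x", "/images/hotlinking.pn"))
    print(follow("/images/photo.jpg", "http://other.test/x", "/images/hotlinking.png"))
```

The HTTPS row comes back as a redirect because the condition starts with `^http://`; a site served over HTTPS needs `https?` there or its own pages are treated as foreign.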
Options
Google Cache/Image Search/Reader
Google creates a cached version of your pages when its search spiders index a page. You can choose to give the cache server permission to link to your images. This comes in handy when someone is viewing a cached version of your site. All you need to do is create a line and add “google.com” as the URL, similar to the line with your site’s URL:

    Options +FollowSymlinks
    # Protect Hotlinking
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?YOURURL\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?google\.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule .*\.(jpe?g|gif|bmp|png|zip|rar)$ http://YOURURL.com/PATH/TO/REPLACEMENT/IMAGE [L]

Redirects
There has been much debate on the use of “www” in your URL. I prefer not to use it and I have my server redirect a request of www.samanathon.com to samanathon.com. To achieve this redirect, enter the following into the same .htaccess file:

    # Redirect
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^(www\.YOURURL\.com)(:80)? [NC]
    RewriteRule ^(.*) http://YOURURL.com/$1 [R=301,L]

Simply replace YOURURL with your site’s URL.
Final Code
If you’ve used all of the code that I’ve suggested, this is what your final file should look like:

    # BEGIN WordPress
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # END WordPress

    Options +FollowSymlinks
    # Protect Hotlinking
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://(.+\.)?YOURURL\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule .*\.(jpe?g|gif|bmp|png|zip|rar)$ http://YOURURL.com/PATH/TO/REPLACEMENT/IMAGE [L]

    # Redirect
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^(www\.YOURURL\.com)(:80)? [NC]
    RewriteRule ^(.*) http://YOURURL.com/$1 [R=301,L]

    order deny,allow

Upload
This file needs to be in your site’s root and not in a folder. Navigate to your site (or use an FTP client to access it) and place the .htaccess file in the site’s root.