traffic sign

Hotlinking, inline linking, direct linking, leeching or bandwidth theft. Call it whatever you want but it all means the same thing, the loss of precious bandwidth. Bandwidth theft is very rampant in the world wide web.

If you don’t pay for hosting or don’t have any bandwidth limits, then you might not be worried about it. But to those who pay for web hosting, especially those who have a small monthly bandwidth limit, every byte counts. You wouldn’t want to exceed your limit because other people are using up your bandwidth by hotlinking your files, right?

One way of protecting your files from hotlinking is by inserting certain rules in your .htaccess file. In the following examples, the files being protected are image files. You can change them to any file formats that you wish to protect.

For WordPress users, you can insert these lines of code right before the line # BEGIN WordPress in your .htaccess file. Make sure you make a backup of your .htaccess file before editing it.

Block a specific domain
This code will return a 403 Forbidden Error instead of the file only when the image is requested by the specified domains in this example: &

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?domain\.net/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?domain\.com/ [NC]
RewriteRule \.(jpeg|JPEG|jpe|JPE|jpg|JPG|gif|GIF|png|PNG|mng|MNG)$ - [F]

Block all domains
This code will return a 403 Forbidden Error instead of the requested file to all domains except, which should be changed to the domain name of your site or where the file is used.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|png)$ - [F]

If you already have disabled hotlinking or activated a anti-hotlinking measure, then good for you! If not, then you should. You wouldn’t want to lose precious bandwidth to hotlinking don’t you?

To check if your files are safe or if your hotlinking measures are working, check out this free online hotlinking prevention testing tool. If you’re worried about messing with your .htaccess file, you can try this .htaccess editor that’s recommended by AJ.

I’ve had several experiences of bandwidth theft and people hotlinking to my images. Well, that was before I disabled hotlinking. Now, I don’t even worry about it. How about you, have you had any experience of someone hotlinking your files? What did you do about it? What are the anti-hotlinking measures you’re taking? Tell us about it.

JaypeeOnline is supported by its audience. When you click on the advertisements or purchase through links on our site, we may earn an affiliate commission. Learn more



Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Facebook or Twitter.


  • bryan, June 21, 2010 @ 11:42 PM Reply

    Did put the code just before # BEGIN , but it seems that it doesn’t work. The other website is still hotlinking my images..

    Please help.. I’m using BLOCK all domains script..

  • Beng, September 12, 2007 @ 10:25 AM Reply

    I actually have no bandwidth problem so far dahil di naman famous ang site ko :mrgreen: and besides, I have 2,000GB volume transfer monthly. Pero kahit na ganun I still have to apply this piece of code dahil dumadami sila eh, Kitang-kita doon sa access stats ko.

    Regarding the pyscho designer, hehehe natahimik na siya. Pero di pa rin nag apologize hanggang ngayon. Well, bahala na siya sa buhay niya. Tama na sa akin na ipinamukha ko sa kanya ang tutuo. I take it for granted she’s the kind of person who can not accept mistake.

  • JP Habaradas, September 12, 2007 @ 9:50 AM Reply

    @Beng – You’re welcome Madam Hafner! You mentioned that there are many hotlinks to your images, I’m sure it eats up a considerable amount of your bandwidth so you really should have some sort of anti-hotlinking measure on your blog.

    Btw, how’s it with the pyscho designer? She still bothering you? Hehe :D

  • Beng, September 11, 2007 @ 4:12 PM Reply

    thanks for sharing jaypee. i have read about this somewhere on but i really never paid attention about hotlinking. i’ll use this na talaga dahil maraming naghahotlink sa mga images ko :twisted:

  • JP Habaradas, September 10, 2007 @ 11:00 AM Reply

    @derek – I see. I guess you shouldn’t implement it for now. Yeah, it should mess up your RSS. I guess it has something to do with your blog setup or settings.

    I’ll try to do some research and find out what causes that issue and maybe come up with a fix. You’re welcome! :)

  • derek, September 10, 2007 @ 10:34 AM Reply

    I used the block all domains rule, I took it out and then the feeds eventually shows up.

    I agree that it shouldn’t mess up the feeds but for some weird reason that happened to me. Hmm maybe I’ll try it again after a few days. Thanks for this post!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.