HowTo: Prevent Bandwidth Theft or Hotlinking

traffic sign

Hotlinking, inline linking, direct linking, leeching, or bandwidth theft. Call it whatever you want but it all means the same thing, the loss of precious bandwidth. Bandwidth theft is very rampant on the world wide web.

If you don’t pay for hosting or don’t have any bandwidth limits, then you might not be worried about it. But to those who pay for web hosting, especially those who have a small monthly bandwidth limit, every byte counts. You wouldn’t want to exceed your limit because other people are using up your bandwidth by hotlinking your files, right?

One way of protecting your files from hotlinking is by inserting certain rules in your .htaccess file. In the following examples, the files being protected are image files. You can change them to any file format that you wish to protect.

NOTE: For WordPress users, you can insert these lines of code right before the line # BEGIN WordPress in your .htaccess file. Make sure you make a backup of your .htaccess file before editing it.

Block a specific domain
This code will return a 403 Forbidden Error instead of the file only when the image is requested by the specified domains in this example: domain.net & domain.com

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www.)?domain.net/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www.)?domain.com/ [NC]
RewriteRule .(jpeg|JPEG|jpe|JPE|jpg|JPG|gif|GIF|png|PNG|mng|MNG)$ - [F]

Block all domains
This code will return a 403 Forbidden Error instead of the requested file to all domains except domain.com, which should be changed to the domain name of your site or where the file is used.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www.)?domain.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .(jpe?g|gif|png)$ - [F]

If you already have disabled hotlinking or activated an anti-hotlinking measure, then good for you! If not, then you should. You wouldn’t want to lose precious bandwidth to hotlinking, don’t you?

To check if your files are safe or if your hotlinking measures are working, check out this free online hotlinking prevention testing tool. If you’re worried about messing with your .htaccess file, you can try this .htaccess editor that’s recommended by AJ.

I’ve had several experiences of bandwidth theft and people hotlinking to my images. Well, that was before I disabled hotlinking. Now, I don’t even worry about it. How about you, have you had any experience of someone hotlinking your files? What did you do about it? What are the anti-hotlinking measures you’re taking? Tell us about it.

This post may contain affiliate links that allow us to earn commissions at no additional cost to you. We are reader-supported so when you buy through the affiliate links, you are also helping or supporting us. 

16 Comments

  1. Did put the code just before # BEGIN , but it seems that it doesn’t work. The other website is still hotlinking my images..

    Please help.. I’m using BLOCK all domains script..

  2. I actually have no bandwidth problem so far dahil di naman famous ang site ko :mrgreen: and besides, I have 2,000GB volume transfer monthly. Pero kahit na ganun I still have to apply this piece of code dahil dumadami sila eh, Kitang-kita doon sa access stats ko.

    Regarding the pyscho designer, hehehe natahimik na siya. Pero di pa rin nag apologize hanggang ngayon. Well, bahala na siya sa buhay niya. Tama na sa akin na ipinamukha ko sa kanya ang tutuo. I take it for granted she’s the kind of person who can not accept mistake.

  3. @Beng – You’re welcome Madam Hafner! You mentioned that there are many hotlinks to your images, I’m sure it eats up a considerable amount of your bandwidth so you really should have some sort of anti-hotlinking measure on your blog.

    Btw, how’s it with the pyscho designer? She still bothering you? Hehe :D

  4. thanks for sharing jaypee. i have read about this somewhere on codex.wordpress.org but i really never paid attention about hotlinking. i’ll use this na talaga dahil maraming naghahotlink sa mga images ko :twisted:

  5. @derek – I see. I guess you shouldn’t implement it for now. Yeah, it should mess up your RSS. I guess it has something to do with your blog setup or settings.

    I’ll try to do some research and find out what causes that issue and maybe come up with a fix. You’re welcome! :)

  6. I used the block all domains rule, I took it out and then the feeds eventually shows up.

    I agree that it shouldn’t mess up the feeds but for some weird reason that happened to me. Hmm maybe I’ll try it again after a few days. Thanks for this post!

  7. @derek – Hi! Which rule did you use? As what I told iRonnie, I’ve never had these problems with my RSS feeds when I implemented this rules in my .htaccess file. And based on principle, these rules only protect your files from direct linking via http and doesn’t protect your files via RSS feeds.

    Have you tried removing the anti-hotlinking rules from the .htaccess file and checking your RSS feeds? Let me know of any developments or if you’re still experiencing the same problem.

  8. ei jaypee, I tried using this anti-hotlinking code. I did check my feedburner today and was shocked by the number of feeds that was lost, is it really messing up the feeds?

  9. @iRonnie – I see. In my case, I just block other domains from hotlinking to my files and I don’t use the anti-linking image.

    As far as I know, these rules shouldn’t mess the RSS feeds. What if you try a different rule? Or try this one:

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteRule \.(jpe?g|gif|png)$ images/no_hotlink.jpg [L]

    Let me know if it works or not. :)

  10. i cant seem to find my reference for the code i used because i have already removed it from my htaccess. but i do remember it came with a code like this:

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www.)?mydomain.com/.*$ [NC]
    RewriteRule .(gif|jpg)$ http://www.mydomain.com/angryman.gif [R,L]

    substituting an anti-linking image of your choice.

  11. @mr nice ash – How much is your monthly bandwidth limit? I’m not sure about this but I think the images that Google display in it’s search results are cached so it doesn’t really eat up much bandwidth from you unlike if the file is directly hotlinked.

    There are other things that eat up your bandwidth, stuff like WordPress plugins that are not properly coded, unnecessary codes in your php files, etc. So you’ll have to check these out one by one an d determine the ones you can eliminate. I know it’s a tedious job but you’ll have to do it if you want to optimize your bandwidth usage. :)

  12. i’d probably try this. my bandwidth consumption is now over 50% of my limit. will it be because google displays my images on it’s search page?

  13. @iRonnie – Yeah, I forgot to mention about that. Allowing or restricting access to files in a certain folder.

    I never had any problems with images in my RSS feeds even after using these rules in my .htaccess file. Btw, which rule did you apply?

  14. i was using a similar code in the htaccess. in addition, the code allows me to restrict hotlinking in a specific folder only. however, i decided to remove the code because it tends to mess up my rss sometime.

Leave a Reply

Your email address will not be published. Required fields are marked *

JaypeeOnline