Muschamp Rd

Latest Greatest WordPress anti-hotlinking .htaccess solution

So I’ve had some problem with file leechers. I made fun of them, renamed the most popular images, and implemented the supposed ultimate .htaccess anti-hotlinking solution. Alas it didn’t work for my blog as I use a subdomain and I think my webhost uses some symbolic links to make this happen. My webhost uses DirectAdmin, there are some anti-hotlinking solutions out there specific to webhosts and website control panels.

Some question the wisdom of preventing hotlinking, they obviously haven’t had half of their bandwidth taken up by it. I’m still investigating how to allow the various search engines and feed readers to access the images. I had a more elaborate solution, but like I said it didn’t work with my blog subdomain. It did work on my other subdomains however.

The third feature/plan was to allow me to post links to certain images on forums myself. These images were only used on these forums and I put them in their own subdirectory. This was actually fairly easy to make work.

So what do you need to do to replicated my solution? Well first it takes three .htaccess files. One goes in your root directory where your index file is. On my webhost that directory is called public_html. You also need another .htaccess file to go in the directory you want to allow hotlinking to. Finally I needed to modify the existing .htaccess file in my blog subdomain directory.

All three of these files are called .htaccess and rely on mod_rewrite and probably only work on the apache webserver. So check with your webhost to make sure this solution will work and change the domain from Muschamp.ca to whatever yours is. I never could get the alternate image replacement stuff to work. I may keep working on it, or I may spend my efforts verifying that feed readers and search engines can get through as I get a lot of traffic from Google Image Search.

Main .htaccess file


# ultimate hotlink protection
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?muschamp\. [NC]
RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
</ifModule>

Allowing hotlinking to images in a specific directory .htaccess file


# disable hotlink protection
RewriteEngine off

blog WordPress subdomain subdirectory .htaccess file


# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Options +FollowSymlinks
# Protect Hotlinking
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?muschamp\. [NC]
RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]

Perhaps there should be an if statement around the second batch of rules but it works like this so I decided to document it.

Related posts:

  1. Time for a .htaccess anti-hotlinking solution
  2. A day later and a few dollars shorter
  3. Fixing Mint was easy
  4. Before you upgrade WordPress

This entry was originaly posted on , it was last edited on and is filed under: Blogging, Internet, WordPress and tagged: , , , , , .


  • http://www.muschamp.ca/ Muskie

    This possibly is interfering with Google Image search and some of it’s friends. I’ll have to do more research, but it definitely works and allows Feed Readers to see the images…

  • Jbvannier

    Really nice, it’s the only one it works for me , thks a lot

  • http://www.muschamp.ca/ Muskie

    I’m glad it helped.  I still get plenty of referrals from Google Image Search, plus Yahoo and Bing image search, but the anti-hotlinking might mess with them a bit.  Feed readers get images, at least mine does, and it seems to confuse people.  It stops Facebook hotlinking too, but if people just link to the story instead of the photo they can get the little preview image in Facebook and most social media.  I have no problems posting my stuff to Facebook and others have posted my stuff too with working preview images.

    Cheers, 

  • Jbvannier

     It seems my image search in GG desappears too, but it’s not so important for me. May be exist a solution…read you later if there is some. Best regards

  • Joe

    Thank you for very much for sharing this.  It was the only subdomain-allowing code I cound anywhere.

  • http://www.muschamp.ca/ Muskie

    No worries.  I’m no .htaccess genius so you must have not Googled as much as me, as I had to get the original idea from somewhere, but I ended up doing a multilevel approach to keep old images I posted to forums still live, while stopping the laziest of bandwidth thieves.  People can still steal your images, they just upload them directly to Facebook or a forum, or photobucket, course you then can go and complain to the owner.  People tend to steal more MS Word and Excel documents from me, they are more valuable intellectual property.

  • Pingback: Calf Crazy – Muskblog

  • Pingback: Installed the Facebook for WordPress plugin – Muskblog

  • Pingback: You have gotta see this photo! – Muskblog

  • Pingback: My ten most useful blog postings – Muskblog

  • Pingback: Spammers, Scammers, and other Internet Assholes – Muskblog

  • http://www.muschamp.ca/ Muskie

    Google Image search has a way around this and now it appears a forum, Bodybuilding.com is able to take an image from my blog and post it inline.

    http://forum.bodybuilding.com/showthread.php?t=153067501&page=2

Posts on Muskblog © Muskie McKay comments not necessarily so...
Social Media Icons created by komodomomedia, used with permission.