InMotion Hosting Support Center

What is HotLinking? HotLinking is when you use a url to view an image in the website code or the image url in the browser. When using url's in image code, the server does not have to use any bandwidth or http request to serve the image. Say I use a url to an image at Yahoo in my code. Yahoo's server will need to serve the image and not the server my site is on. For example, you can get the url to an image for a site like the following from yahoo:

This can be used in your code to display the image on your website. The code looks like the following.

<img src="" />

Why HotLink Protect your website? When people HotLink to your website, they are actually using your server resources instead of their own. When your images are HotLinked by many different people on their sites, your site can start to slow down and go under a load. Another reason is to prevent people from using your images on their site as if the image is their own. You can prevent the images from being used with HotLink protection. Lets learn how to HotLink protect through the .htaccess and through the cPanel HotLink protection feature.

Hotlink protection .htaccess code

Code can be added directly to the .htaccess to prevent HotLinking in a directory specific location. The following code is used to prevent HotLinking to jpg, jpeg, gif, png, and bmp file types.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC]
RewriteRule \.(jpg|jpeg|gif|png|bmp)$ - [F]

Redirecting hotlinked visitors to a specific page

You can redirect people to a specific page if they try directly accessing your images through the url of their browser.

This applies to visiting the image url in the browser, The following code will show how to redirect anyone going to a jpg, jpeg, gif, png, and bmp file to a "restricted.html" page.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC]
RewriteRule \.(jpg|jpeg|gif|png|bmp)$ [R,L]

Using the HotLink Protection in the cPanel

A feature that is included in cPanel is the HotLink Protection feature. The HotLink Protection in cPanel writes the .htaccess code for you. Below are the steps for using the HotLink Protection in cPanel.

  1. Login into your cPanel.
  2. Select HotLink protect cpanelNavigate to the Security section and click the HotLink Protection icon.
  3. holtink protect enabled cpanelClick the Enable button at the top of the screen to enable the service. Then click Go Back. You will see HotLink Protection is currently enabled.

  4. Enable hotlink protect cpanelEnsure any URLs you want to allow hotlinking are in the list. This includes the domain that the images are on. Be sure to set both www and non-www versions.

  5. Enable hotlink protect cpanelTo allow URLs in the browser to access your images, select the Allow direct requests checkbox. This will let the visitor navigate to the url in the browser while denying image linking through the code of a site.

  6. Hotlink protect codeOnce you have completed the steps above, click the Submit button to save the changes.

Was this article helpful?

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Support Center Login

Our Login page has moved, Click the button below to be taken to the login page.

n/a Points
2017-12-02 8:44 pm

I keep clicking the enable Hotlink Protection Button and then I get a green message saying it was enabled but when I go back to the Hotlink Protection page it says that Hotlink Protection is disabled. I've refreshed my page several times and it still shows the same way. Is this a glitch on the cpanel? 

10,724 Points
2017-12-04 11:21 am
It sounds like a possible glitch, or maybe a caching issue. I advise contacting Live Support, so they can replicate the issue with you.
n/a Points
2017-06-26 1:49 pm

hi , im building a website based on offering free downloads to a ZIP , RAR files the question is can i use the same method with such files with such files with this kind of accessabily ? 

in another way ... i want visitors to be able to downlad the file from my site , but i dont want them to use that downloading link in other places outside my site .. or at least prevent them from consuming my bandwidth 

10,724 Points
2017-06-26 2:41 pm
In principal, this should work the same as with images. You may want to try out the steps in the section on protecting and redirecting from a certain page. cPanel has a built-in tool to help with this.
n/a Points
2015-09-23 4:50 am

Hello Scott,

am just trying to enable image hotlinking through htaccess I tried too many times but it won't work

here is my file:


###Close Directory ListeningOptions -Indexes ###Redirecting non-www to wwwRewriteEngine onRewriteCond %{HTTP_HOST} ^eddiesmarket\.net [NC]RewriteRule ^(.*)$$1 [L,R=301,NC]### Removing Extensions (.html)RewriteEngine onRewriteCond %{REQUEST_FILENAME} !-dRewriteCond %{REQUEST_FILENAME}\.html -fRewriteRule ^(.*)$ $1.html###### Caching<FilesMatch "\.(ico|pdf|jpg|jpeg|png|gif|html|htm|xml|txt|xsl)$">Header set Cache-Control "max-age=31536050"</FilesMatch>### Redirect 404 & 403 to the HomepageErrorDocument 404 http://www.eddiesmarket.netErrorDocument 403 Disable Image HotlinkingRewriteEngine onRewriteCond %{HTTP_REFERER} !^$RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC]RewriteRule \.(jpg|jpeg|gif|png|bmp)$ [R,L]###Compressing G-Zip<IfModule mod_deflate.c>        <IfModule mod_setenvif.c>                <IfModule mod_headers.c>                        SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding                        RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding                </IfModule>        </IfModule>        # Compress all output labeled with one of the following MIME-types        # (for Apache versions below 2.3.7, you don't need to enable `mod_filter`        #    and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines        #    as `AddOutputFilterByType` is still in the core directives).        <IfModule mod_filter.c>            AddOutputFilterByType DEFLATE application/atom+xml \              application/javascript \              application/json \              application/rss+xml \              application/ \              application/x-font-ttf \              application/x-web-app-manifest+json \              application/xhtml+xml \              application/xml \              font/opentype \              image/svg+xml \              image/x-icon \              text/css \              text/html \              text/plain \              text/x-component \              text/xml        </IfModule></IfModule>### Set Expires Headers<IfModule mod_expires.c>        ExpiresActive on        ExpiresDefault                                    "access plus 1 month"    # CSS        ExpiresByType text/css                            "access plus 1 year"    # Data interchange        ExpiresByType application/json                    "access plus 0 seconds"        ExpiresByType application/xml                     "access plus 0 seconds"        ExpiresByType text/xml                            "access plus 0 seconds"    # Favicon (cannot be renamed!)        ExpiresByType image/x-icon                        "access plus 1 week"    # HTML components (HTCs)        ExpiresByType text/x-component                    "access plus 1 month"    # HTML        ExpiresByType text/html                           "access plus 0 seconds"    # JavaScript        ExpiresByType application/javascript              "access plus 1 year"    # Manifest files        ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"        ExpiresByType text/cache-manifest                 "access plus 0 seconds"    # Media        ExpiresByType audio/ogg                           "access plus 1 month"        ExpiresByType image/gif                           "access plus 1 month"        ExpiresByType image/jpeg                          "access plus 1 month"        ExpiresByType image/png                           "access plus 1 month"        ExpiresByType video/mp4                           "access plus 1 month"        ExpiresByType video/ogg                           "access plus 1 month"        ExpiresByType video/webm                          "access plus 1 month"    # Web feeds        ExpiresByType application/atom+xml                "access plus 1 hour"        ExpiresByType application/rss+xml                 "access plus 1 hour"    # Web fonts        ExpiresByType application/font-woff2              "access plus 1 month"        ExpiresByType application/font-woff               "access plus 1 month"        ExpiresByType application/       "access plus 1 month"        ExpiresByType application/x-font-ttf              "access plus 1 month"        ExpiresByType font/opentype                       "access plus 1 month"        ExpiresByType image/svg+xml                       "access plus 1 month"</IfModule>### Turn E-tags off<IfModule mod_headers.c>        Header unset ETag</IfModule>FileETag None


42,232 Points
2015-09-24 9:16 am
Hello Fadi,

Your best bet is probably to clear all of the code that you added in .htaccess for hotlink protection and then follow the article's suggestions using the cPanel to set your hotlink protection. Check out this video for further assistance on its use.

If you have any further questions or comments, please let us know.

Arnel C.
n/a Points
2014-06-17 1:45 pm


You show an example of how to redirect to specific page above in the article.


But you do not show how to link to a graphic which would then appear in place of the graphic that the hot linker is trying to link to.


I know this is possible as I used to do this but have not done so for many years and cannot remember the correct syntax for the Rewrite rule line.


hope you can help





43,761 Points
2014-06-17 1:56 pm
Hello Vicky,

In that case, the syntax is very similar:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?example\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ [L]

One important thing to note is that the 'replacement image' cannot be on a folder that is protected by the hotlinking. Use of an image site such as is recommended.

Kindest Regards,
Scott M

Post a Comment

Email Address:
Phone Number:

Please note: Your name and comment will be displayed, but we will not show your email address.

8 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?


Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail:
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!