InMotion Hosting Support Center

What is HotLinking? HotLinking is when you use a url to view an image in the website code or the image url in the browser. When using url's in image code, the server does not have to use any bandwidth or http request to serve the image. Say I use a url to an image at Yahoo in my code. Yahoo's server will need to serve the image and not the server my site is on. For example, you can get the url to an image for a site like the following from yahoo:

This can be used in your code to display the image on your website. The code looks like the following.

<img src="" />

Why HotLink Protect your website? When people HotLink to your website, they are actually using your server resources instead of their own. When your images are HotLinked by many different people on their sites, your site can start to slow down and go under a load. Another reason is to prevent people from using your images on their site as if the image is their own. You can prevent the images from being used with HotLink protection. Lets learn how to HotLink protect through the .htaccess and through the cPanel HotLink protection feature.

Hotlink protection .htaccess code

Code can be added directly to the .htaccess to prevent HotLinking in a directory specific location. The following code is used to prevent HotLinking to jpg, jpeg, gif, png, and bmp file types.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC]
RewriteRule \.(jpg|jpeg|gif|png|bmp)$ - [F]

Redirecting hotlinked visitors to a specific page

You can redirect people to a specific page if they try directly accessing your images through the url of their browser.

This applies to visiting the image url in the browser, The following code will show how to redirect anyone going to a jpg, jpeg, gif, png, and bmp file to a "restricted.html" page.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC]
RewriteRule \.(jpg|jpeg|gif|png|bmp)$ [R,L]

Using the HotLink Protection in the cPanel

A feature that is included in cPanel is the HotLink Protection feature. The HotLink Protection in cPanel writes the .htaccess code for you. Below are the steps for using the HotLink Protection in cPanel.

  1. Login into your cPanel.
  2. Select HotLink protect cpanelNavigate to the security section and click the HotLink Protection icon.
  3. Enable hotlink protect cpanelTo allow url's in the browser to access your images, select the "Allow direct requests" checkbox. This will let the visitor to navigate to the url in the browser while denying image linking through the code of a site.

    holtink protect enabled cpanelYou should see "HotLink Protection is currently enabled" on the "HotLink Protection" page.

    Hotlink protect codeIf you open your .htaccess file, you will see the code written to the file like the snapshot to the right.

Support Center Login

Social Media Login

Social Login Joomla

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
n/a Points
2014-06-17 1:45 pm


You show an example of how to redirect to specific page above in the article.


But you do not show how to link to a graphic which would then appear in place of the graphic that the hot linker is trying to link to.


I know this is possible as I used to do this but have not done so for many years and cannot remember the correct syntax for the Rewrite rule line.


hope you can help





43,032 Points
2014-06-17 1:56 pm
Hello Vicky,

In that case, the syntax is very similar:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?example\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ [L]

One important thing to note is that the 'replacement image' cannot be on a folder that is protected by the hotlinking. Use of an image site such as is recommended.

Kindest Regards,
Scott M
n/a Points
2015-02-13 8:40 am
I don't think you can improve this page, But it would be handy to know if people who are allowed could access RAR files, photos etc or a how to setup to allow - and download them from within a browser (Google Firefox) Etc by using a hotlink from a "Allowed URL"
n/a Points
2015-09-23 4:50 am

Hello Scott,

am just trying to enable image hotlinking through htaccess I tried too many times but it won't work

here is my file:


###Close Directory ListeningOptions -Indexes ###Redirecting non-www to wwwRewriteEngine onRewriteCond %{HTTP_HOST} ^eddiesmarket\.net [NC]RewriteRule ^(.*)$$1 [L,R=301,NC]### Removing Extensions (.html)RewriteEngine onRewriteCond %{REQUEST_FILENAME} !-dRewriteCond %{REQUEST_FILENAME}\.html -fRewriteRule ^(.*)$ $1.html###### Caching<FilesMatch "\.(ico|pdf|jpg|jpeg|png|gif|html|htm|xml|txt|xsl)$">Header set Cache-Control "max-age=31536050"</FilesMatch>### Redirect 404 & 403 to the HomepageErrorDocument 404 http://www.eddiesmarket.netErrorDocument 403 Disable Image HotlinkingRewriteEngine onRewriteCond %{HTTP_REFERER} !^$RewriteCond %{HTTP_REFERER} !^http://(www\.)?*$ [NC]RewriteRule \.(jpg|jpeg|gif|png|bmp)$ [R,L]###Compressing G-Zip<IfModule mod_deflate.c>        <IfModule mod_setenvif.c>                <IfModule mod_headers.c>                        SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding                        RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding                </IfModule>        </IfModule>        # Compress all output labeled with one of the following MIME-types        # (for Apache versions below 2.3.7, you don't need to enable `mod_filter`        #    and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines        #    as `AddOutputFilterByType` is still in the core directives).        <IfModule mod_filter.c>            AddOutputFilterByType DEFLATE application/atom+xml \              application/javascript \              application/json \              application/rss+xml \              application/ \              application/x-font-ttf \              application/x-web-app-manifest+json \              application/xhtml+xml \              application/xml \              font/opentype \              image/svg+xml \              image/x-icon \              text/css \              text/html \              text/plain \              text/x-component \              text/xml        </IfModule></IfModule>### Set Expires Headers<IfModule mod_expires.c>        ExpiresActive on        ExpiresDefault                                    "access plus 1 month"    # CSS        ExpiresByType text/css                            "access plus 1 year"    # Data interchange        ExpiresByType application/json                    "access plus 0 seconds"        ExpiresByType application/xml                     "access plus 0 seconds"        ExpiresByType text/xml                            "access plus 0 seconds"    # Favicon (cannot be renamed!)        ExpiresByType image/x-icon                        "access plus 1 week"    # HTML components (HTCs)        ExpiresByType text/x-component                    "access plus 1 month"    # HTML        ExpiresByType text/html                           "access plus 0 seconds"    # JavaScript        ExpiresByType application/javascript              "access plus 1 year"    # Manifest files        ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"        ExpiresByType text/cache-manifest                 "access plus 0 seconds"    # Media        ExpiresByType audio/ogg                           "access plus 1 month"        ExpiresByType image/gif                           "access plus 1 month"        ExpiresByType image/jpeg                          "access plus 1 month"        ExpiresByType image/png                           "access plus 1 month"        ExpiresByType video/mp4                           "access plus 1 month"        ExpiresByType video/ogg                           "access plus 1 month"        ExpiresByType video/webm                          "access plus 1 month"    # Web feeds        ExpiresByType application/atom+xml                "access plus 1 hour"        ExpiresByType application/rss+xml                 "access plus 1 hour"    # Web fonts        ExpiresByType application/font-woff2              "access plus 1 month"        ExpiresByType application/font-woff               "access plus 1 month"        ExpiresByType application/       "access plus 1 month"        ExpiresByType application/x-font-ttf              "access plus 1 month"        ExpiresByType font/opentype                       "access plus 1 month"        ExpiresByType image/svg+xml                       "access plus 1 month"</IfModule>### Turn E-tags off<IfModule mod_headers.c>        Header unset ETag</IfModule>FileETag None


37,367 Points
2015-09-24 9:16 am
Hello Fadi,

Your best bet is probably to clear all of the code that you added in .htaccess for hotlink protection and then follow the article's suggestions using the cPanel to set your hotlink protection. Check out this video for further assistance on its use.

If you have any further questions or comments, please let us know.

Arnel C.

Post a Comment

Email Address:
Phone Number:

Please note: Your name and comment will be displayed, but we will not show your email address.

5 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?


Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail:
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!