.htaccess

[How To] Stop or Disable Hotlinking and Bandhwidth Theft using .htaccess file

by

We found out that many of our copyrighted popular posts have been copied by many of the bloggers. But with so many traffic hungry bloggers around, it is impossible to track and warn each of the bloggers.

Now, our main concern is that many of our copyrighted images are not only copied to other blogs but also hotlinked. This is a serious issue with every popular blog where hotlinking results to bandwidth theft. Now if you are having similar problems of hotlinking or not, you should disable hot linking for sure.

What is Hotlinking or Inline linking?

Inline linking (also known as hotlinking, leeching, piggy-backing, direct linking, offsite image grabs) is the use of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located.[wikipedia]

This is when you insert an image to your blog from an image URL of someone else’s site instead of uploading the image to your server. Many people with limited server storage size tend to do this.

How to stop Hotlinking and Bandwidth theft using .htaccess file?

In order to disable hotlinking follow the steps below:

1. Open your .htaccess file by saving it.

.htaccess file is present in the public_html folder of your blog. This can be accessed by using the ftp client like FileZilla. Hope all webmasters know this. Save the file and open it using notepad.

dot_htaccess

2. Add the code to disable hotlinking of your images

Add the following code to your .htaccess file and save it back to your public_html folder.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\\.)?yoursite\\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\\.(jpe?g|gif|bmp|png)$ http://imagehostsite/warning.jpeg [L]

Change the orange colored code according to your need as shown in the example below.

Example: [Click to Enlarge]

disable_hotlinking

The RewriteCond can be added according to your purpose. If you have any other blog where you want to use the images, then add another line with the site’s address as we have done in the example.

Important notes:

1. Backup your .htaccess file before doing the changes.

2. in the RewriteRule line, you cannot use a warning image uploaded to your site because the warning image itself will be blocked. So upload the image to some other servers like blogger or other image hosting sites

3. The RewriteCond can be added according to your purpose. If you have any other blog where you want to use the images, then add another line with the site’s address.

Now after performing the changes, you can check the other site where your images are hotlinked. An example is given below where our most popular post Reset Windows XP, Vista, 7 Password Using USB Drive or CD was copied.

hotlinking_blocked

Hope you have seen something like ours. Any feedback will be appreciated.

You can also see how to protect your wordpress internal files using .htaccess.

You can subscribe to our RSS feed via email for more tutorials under Blogger Tips.

Is Your WordPress Internal Files Structure Coming In Google Search? Read On…

by

If you are a webmaster or managing a blog, some day or the other you need to sit and dedicate time to optimize your website, and you start it with it editing core internal files and if you are unlucky,  you may end up messing up things without being really aware of what you are doing.

This happened to us yesterday, we were editing some internal files of this blog’s WordPress installation files with an insight to optimize the loading time of our blog.We sat for hours and did edit some files.We could at least do something and slept peacefully with some satisfaction.

Then the next day BANG !! we were astonished to find some of the WordPress internal files that otherwise shouldn’t be publicly visible were all over the Google.That’s the moment we spotted the mess (look at the screenshot below) that happened while editing our site files yesterday and started working to fix them.You understood what the problem was, right? Don’t panic, there are lots of people like us, who are unknowingly keeping their site internal files open (see examples).

Wordpress internal files in Google search

How To Fix This?

Step 1: We tried to understand why this is happening?

Reason: The permission properties of inner files of the site are site to ‘public’ that means anyone can see the internal file structure of your blog/site.

Step 2: Having found out the mistake, the solution is simple (at least as it seems):

Permission properties of these files/directories should be made ‘private’ and indexing of these files should be disabled

Step 3: There are two ways to do disable the indexing of files so that other people can’t see what’s inside your internal directories:

# 1 You can place a index.html file in all the folders which are coming ‘index of..’ structures.

# 2 Edit your .htaccess file to disable private indexing of the folders.

Step 4: While the 1st method is relatively simple one to follow, but it takes time as you need to put index.html files in all the directories that are visible in indexing.

Step 5: The optimal method according to us is editing your .htaccess file to disable indexing of folders.

Options All –Indexes

Just add the above code in your .htaccess file (edit through notepad) which is your site’s root folder save it and write it back to your root folder.

Options ALL Indexes in htaccess

Step 6: The problem is solved, now open your Wordpres internal files wihtout logging into the site and you’ll notice the 403 error being returned to you.

This solved the problem in our case.I’ve decided to post this because someone who finds themselves in the same situations as we were yesterday would find it useful to some extent at least.