Hotlink protecting image.php and GD images

So you've enabled Cpanel's hotlink protection, but those bandwidth thieves are still attacking your dynamically generated images. And while we've seen protecting the entire .php extension fix this issue, we have seen cases where it causes problems with the site.

If you need to hotlink protect a single file, you'll want to add the following to the end of your .htaccess. Or if you're having trouble, rename your old .htaccess and start with a blank one for testing, and you can add the other .htaccess info back in once you've secured this issue.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://(www\.)?yourdomain.com/.*$ [NC]
RewriteRule image.php$ - [F]

Obviously, you'll want to change yourdomain.com to your actual domain. If there are other domains (parked domains for example or google) that should have access, add more lines for those domains as well, using the same syntax.

Then you'll change image.php to the actual name of your PHP file that generates images. Note that in most cart systems, storing images in the database as PHP actually can cause your site to load more slowly since the system has to do a database query for each image. If you can store the images in the file system, we recommend it :).

Reviewed: 10/14/16
  • Email, SSL
  • 5 Users Found This Useful
Was this answer helpful?

Related Articles

How do I redirect a page or folder?

I have removed a file from being on the website and would like to forward people who were looking...

301 Redirect for All Domains

So you've purchased a ton of domains to park on your main account, but you don't want Google to...

301 Redirect from non-www to www -- Without Looping!

So - you want to improve your search engine rankings, and SEO gurus told you that Google might be...

How to block an IP number

A user is accessing our website and we'd like to block this user as they continue to submit fraud...

Block a country using mod_geoip

Do you have a list of countries that you want to block access to your site?  Have you tried...