How to protect images from direct linking

WordPress is not invoked when an image is requested. Since the image is a static file that exists on the filesystem of the server, the web server (usually Apache) serves the image directly without spinning up WordPress. Therefore the membership restrictions that you define in WordPress don't apply when images are linked to directly. Sometimes this is called hot linking. It may be the case that you want to prevent the images in your membership (private) pages from being linked to. Here are a few solutions for preventing the images on your site from being accessed by the public.

Protecting Images With A .httaccess File

You can prevent people from linking to your images using your .htaccess file. Adding the code below to your .htaccess file will make it so images only load if requested by your own site (not directly linked to)

RewriteEngine on<br />RewriteCond %{HTTP_REFERER} !^$<br />RewriteCond %{HTTP_REFERER} !^http(s)?://(www.)? [NC]<br />RewriteRule .(jpg|jpeg|png|gif)$ - [NC,F,L]

This will allow


  to access your images.

Note, however, that this will block everybody from access all images on your site. You may not want that and, instead, only want to block access to private (membership) pages. In that case, put all your private images together in a directory on your server and create a new .htaccess file that just contains the above code. Place the new .htaccess file in the directory with your private images. Then, only the private images will be protected and the rest of the images on your site will remain public so that they can be indexed by Goggle and linked to by Facebook or anyone else.

Hotlink Protection Plugin

There is a WordPress plugin that does something very similar to this but it's all in a plugin so you don't have to manually edit your .htaccess file. This plugin DOES allow Google to index your images and it applies to ALL the images on your site, not just your private ones.

You can download the Hotlink Protection Plugin here:

Use Amazon S3 To Protect Your Private Images

Another way to protect your images is to create an Amazon S3 bucket that restricts access to your images based on the referrer. This is a more complicated approach, but may appeal to you if you are already using Amazon S3 or your server doesn't support the use of .htaccess files. The idea is very much like the .htaccess file approach but uses Amazon S3 bucket permissions.

Here is an article describing the details of how to use Amazon S3 to protect your images.

Still need help? Contact Us Contact Us