Protecting Your Images From Theft

Written by Chris Coyier from CSS-Tricks on February 22, 2008

If you Google “stop image theft“, you will get some results of some really bad, non-effective ways of preventing image theft. Things like “disabling right-click” with JavaScript. Crippling usability is never good, especially when it will barely even slow down someone determined to steal your image. This is kind of like strip searching kindergardeners because one of them brought a knife to school once.

There are two different types of “theft” of images. One type is direct “hotlinking” of the image. That is, displaying the image on a third party website directly linking to your image. This is not only theft of your image but theft of your bandwidth as well. The other is copyright. Images you create are yours. Publishing them on your site automatically copyrights them to you and they may not be used elsewhere but for violation of that copyright unless you explicitly state that they can be.

Hotlinking is the worse of these two types, because it infringes copyright as well as steals bandwidth. Fortunately, that is the easiest one to stop. Just a quick addition to the .htaccess file in your root directory:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yourwebsite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png|jpg)$ /images/yourgraphic.jpe [L]

This will automatically block third-party sites from displaying images from your site. The last line will redirect those image requests to your custom image. Notice the weird file extenstion on the JPEG file. That is the loophole allowing your custom image to be displayed and not blocked.

Check out a roundup of some other techniques for fighting image theft.

Share and Enjoy:

Written by Chris Coyier from CSS-Tricks on February 22, 2008 | Filed Under CSS

8 Responses so far | Have Your Say!

Monika Mundell | February 23rd, 2008 at 2:04 am #

There is just one problem with that Chris. If you are on a hosted server with shared hosting you’ll need to set exemption for every URL you run, otherwise they won’t show all the information. In Cpanel go to the “hotlink” icon and insert all the URLs you have live right now. This will prevent others from hotlinking to you, but you can still run all your sites without losing any image related information.
Spale | February 23rd, 2008 at 9:27 am #

Great post, this information will be especially useful for owners of online galleries.
I will tray this solution on my own gallery site.
Thank you for this great tip.
Chris Coyier (Post Author) | February 23rd, 2008 at 10:46 am #

Good reminder, thanks Monkika.
mamba | February 23rd, 2008 at 7:27 pm #

The big post. It is a lot of helpful information! Thanks!
CFernandes | February 24th, 2008 at 11:09 am #

I have a question.

If you don´t want to use the “custom image” and just want to blog others for hotlinking, do you leave out the bottom TWO lines or only the LAST line of the code?

thanks
Chris Coyier (Post Author) | February 24th, 2008 at 5:47 pm #

@CFernandes:

To FORBID the linking entirely, change the last line to this:

RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]
Spale | March 8th, 2008 at 4:11 pm #

Can this be used if gallery is on subdomain, and how?