In the concluding part of a two-part series on protecting your images, we explain how to stop hotlinking, disabling right-click downloading, and making images invisible to website-scraping bots

In the first part of this guide, we looked at how to protect images on social media, as well as watermarking, guarding against screenshot attempts, and adding copyright information.

In this concluding article, we look at some of the more advanced measures that are used for protecting images. We also look at their main shortcomings, which you should consider if attempting to manually implement them.


Hotlinking is a problem that dates back to the beginning of the internet, when hosting and bandwidth were expensive.

Instead of downloading the image, website owners would display it on their website by linking to its original location. As a result, the image would load from another server, which would have the effect of using bandwidth and storage provided by the image owner. 

Such hotlinking is often carried out by bots that automatically create websites using content aggregated from other sites. The reason? By scraping this content, a malicious usercan make money from banner ads displayed alongside or, alternatively, simply claim the content as their own.

Not all hotlinking is bad, of course. The best example of legitimate hotlinking is Google Images, something many of us rely on without really considering how it works. When your images are scanned by Google Images, Google caches a small thumbnail that can be displayed in search results. Once the thumbnail is clicked, however, the magnified image no longer comes from Google, but from the image owner’s website.

Hotlinking can be prevented with the ‘.htaccess’ configuration file, although SmartFrame users can also block and control this through the SmartFrame Admin Panel, and customize the way such a thumbnail is displayed in search results here too.

Robots meta directives

A common way to instruct web crawlers is by using a ‘robots.txt’ or meta robots tag in the header of a webpage. This can contain directives for web bots that tells them whether to index the website or not.

There are a dozen different settings but the most commonly used ones are ‘noindex’ and ‘nofollow’.

One thing that you should bear in mind is that this is just a polite request, not protection. Legitimate search engines will always honor it, while others will ignor