If you’re running cPanel, there’s an easy way to do it. Just go to Security -> Hotlink Protection, make sure Hotlink Protection is enabled, that the box for “Allow direct requests” is unchecked. Make sure that all the domains that need to access your images, both HTTP and HTTPS, are in the allowed URLs box. Save your changes.
You can test it by trying to browse directly to an image’s URL.
If you’re not running cPanel, but you’re on an Apache server, you can add the following to your .htaccess:
RewriteCond %{HTTP_REFERER} !^https://yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://yourdomain.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.yourdomain.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://yourdomain.com$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.yourdomain.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.yourdomain.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
Be sure to change “yourdomain” in the above sample to the name of your domain. You only need the “https” versions of your site if you use SSL.
