How to protect your images

Firstly, it has to be said that it is impossible to protect images that are published in the world wide web. Even if the right click is disabled on a site it will still be possible to download an image by disabling JavaScript in the browser or copying it directly out of the browser's cache.

So, why this article?

While it is impossible to protect images that are publicly presented on a site there are many people who restrict the displaying of images to certain users or user groups by using Joomla!'s access levels. These parts of the site and the gallery will only be available for those users then, however if an unauthorised user knows or guesses the actual image paths and names (those ending with e.g. .jpg) he will be able to see the image anyway (that's because access checks can only be done within the PHP script and not for delivery of media files).

In JoomGallery, it is very easy to solve this problem:

  1. Create a file called '.htaccess' (note the single full stop at the beginning).
  2. In this file insert the single line of words 'deny from all'.
  3. Dublicate this file and upload it into the detail image directory and the original image directory (exactly those directories that you can see in tab 'General Settings' -> 'Paths and directories' of the configuration manager for the detail and original images).
  4. Ensure that the option 'Use real paths' in the same tab is set to 'No' (this is already the default).

This way, the .htaccess files with 'deny from all' prevent the access to all detail and original images for each and every user and visitor. So your images are absolutely protected, but users with allowed access rights will still be able to see the images because JoomGallery outputs them through the PHP script (thus, access checks are possible).

Please note that this procedure is not possible for protecting thumbnails. If you want to also protect your thumbnails you have to move the thumbnails directory out of the domain area. For that, please read the notes given at the top of the 'Paths and directories' tab, but we don't recommend to protect your thumbnails because it would slow done your gallery a bit. However, you can use this method also for detail and original images if you don't want to (or cannot) use the '.htaccess' file. .htaccess files cannot be used on IIS servers, for example.


Joom::Gallery is not affiliated with or endorsed by the Joomla! Project or Open Source Matters. The Joomla! name and logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.