it's always good to have a checklist. most people forget something or other!

how about .htaccess to ban certain undesirable bots? See this thread
[webmasterworld.com...]

have you placed images in a directory below web access level ? if your domain name is pointing to /web/, and you place images at /web/images/, then people could link directly to the images (bandwidth theft). you can prevent that by placing images in a directory at the same level as /web/ - you will need to link to the images using "../images/filename".

maybe do the same for databases and CSS files etc.

as an alternative, maybe a .htaccess in certain directories ? for example, if you have a directory of php include files, you could use a .htaccess file in that directory with the following content:
<Files *.php>
Order Deny,Allow
Deny from all
</Files>
that should restrict access to those files so that only your main scripts can get at them.

have you left email addresses in plain text format? some people recommend you use "ram@{ ..." so that email address spiders can't pick it up as an email address. browsers should display it as a normal email address.

can't think of anything else offhand, but if i do, i'll add it

you will need to link to the images using "../images/filename".

I was curious about this one and just tested it. I have a site that does link to the images in that fashion, and I was able to directly link to it from another site.

(Right click on image - properties - will give the complete URL of the image.)

I know there are some scripts available to detect direct linking, but I haven't seen one in code. Have you Crazy?

The email address is a good idea too. I've also seen the address broken into two strings to avoid the spiders.