Home / Tips and Tricks / How to Protect your WordPress Theme Files

How to Protect your WordPress Theme Files

There are 1000s of WordPress themes available for free download, but still you would like to have a unique theme for your blog or website. All you need is to modify or design a new theme based on an existing theme. Now what happens if someone steals your theme from your theme folder after all the hard work? One of my friends Arpit had problems with some people ripping off his beautiful theme, which he had made for his blog. So how to protect your blog theme?

By default everyone can view the theme folder in your blog (WordPress). The navigation path is http://www.yourwebsite.com/wp-content/themes. If you have a zipped version of your theme in this folder, everyone can just download your theme by clicking the zip file. In order to protect your can do this simple step.

1. Create a HTML page, which has a message like “You are not authorized to view this page” or something similar to it. Here is an example.

not-authorized.gif

2. Save this file as Index.html and upload this file to your themes folder, by default wp-content/themes. Thats it.

Now if you navigate to the same path, this file is displayed and no one can access your theme files. Alternatively you can just remove all the zipped versions of your theme, so that no one can download it directly from your folder or change the permissions set on this folder.

About Nirmal

Nirmal is a Technology Blogger and a Microsoft MVP in Windows. He can be contacted at nirmal@nirmaltv.com. You can find Nirmal on , and .

21 comments

  1. Creating an html file can block access from the browser, but tools like getright browser will still show the files.

    I think you need to use the Index Manager in your cpanel and set the no index option for these directories.

  2. i agree with alfred…

    or you can have this in robots.txt for all bots…

    Disallow: /wp-content/

  3. @Alfred,
    Thanks for the info. :smile:

    @Rajesh,
    Adding in robots.txt will only prevent search engines I guess.

  4. Thanks Nirmal . I haven’t yet down to doing this. haven’t got time because of Christmas.

  5. try it and see…even noindex is for search engines… :)

  6. you will have several such directories exposed and having an index.html for every directory is not the right way to do it…

  7. I wonder who would be so careless as to store the zipped version in the theme dir! However, I ensure that my theme files are not accessible publicly! I am sure these tips can be useful to new users!

  8. Good tip that can prevent you from simple geeks but as alfred said hackers would be easily bypass this.

  9. How if we set the .httaccess and addedd script like this : Options -Indexes ?

  10. I think using the .htaccess file is the best way. Because, as alfred has said some download managers could look into the directories, and adding robots.txt file will only protects from the search engines and not from the visitors. So i highly recommend to use a .htaccess file :)

  11. Can’t we CHMOD the folder and prevent anyone else from getting in it?

  12. I feel from the comments above, writing a rule in .htaccess may be the best option.

  13. I think to protect that directory, you can use a PHP script or .httaccess + .htpasswd file to prevent someone else download your themes/plugins.

  14. This will thwart the attempts from many… but most people are after your CSS. They can get the rest of what is needed just by right clicking and viewing source and capturing your div tags and etc… The ultimate way to prevent theme theft is to figure out a way to prevent people from gaining access to your CSS.

  15. @Garry,
    I agree with you, there should be some way to prevent access to CSS files.

  16. Unfortunately, I don’t see how it is possible. Bloggers are all about having machine readable content. And unfortunately, bloggers are all about having this machine readable content looking pretty. CSS is nothing more than making regular text look styled and pretty.

    For bloggers that didn’t care about search engines and having their content machine readable, I wonder if it is possible to create a WordPress site written in Javascript?

  17. Thanks for the tip, i did it in my blog.

  18. Impressive Article , I thought it was grand

    I look ahead to more similar postings like this one. Does your website have a subscription I can subscribe to for new postings?

  19. interesting post and interesting comments

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>