Connect with us

How to Protect your WordPress Theme Files

Tips and Tricks

How to Protect your WordPress Theme Files

There are 1000s of WordPress themes available for free download, but still you would like to have a unique theme for your blog or website. All you need is to modify or design a new theme based on an existing theme. Now what happens if someone steals your theme from your theme folder after all the hard work? One of my friends Arpit had problems with some people ripping off his beautiful theme, which he had made for his blog. So how to protect your blog theme?

By default everyone can view the theme folder in your blog (WordPress). The navigation path is If you have a zipped version of your theme in this folder, everyone can just download your theme by clicking the zip file. In order to protect your can do this simple step.

1. Create a HTML page, which has a message like “You are not authorized to view this page” or something similar to it. Here is an example.


2. Save this file as Index.html and upload this file to your themes folder, by default wp-content/themes. Thats it.

Now if you navigate to the same path, this file is displayed and no one can access your theme files. Alternatively you can just remove all the zipped versions of your theme, so that no one can download it directly from your folder or change the permissions set on this folder.

Continue Reading
You may also like...

Nirmal is a Technology Blogger and a Microsoft MVP in Windows. He can be contacted at You can find Nirmal on , and .



  1. Alfred

    December 28, 2007 at 3:42 am

    Creating an html file can block access from the browser, but tools like getright browser will still show the files.

    I think you need to use the Index Manager in your cpanel and set the no index option for these directories.

  2. Pingback: How to protect your web directories | Technology Bites

  3. Techblissonline Dot Com

    December 28, 2007 at 9:14 am

    i agree with alfred…

    or you can have this in robots.txt for all bots…

    Disallow: /wp-content/

  4. nirmaltv

    December 28, 2007 at 10:14 am

    Thanks for the info. 🙂

    Adding in robots.txt will only prevent search engines I guess.

  5. Arpit Jacob

    December 28, 2007 at 11:12 am

    Thanks Nirmal . I haven’t yet down to doing this. haven’t got time because of Christmas.

  6. Techblissonline Dot Com

    December 28, 2007 at 3:37 pm

    try it and see…even noindex is for search engines… 🙂

  7. Techblissonline Dot Com

    December 28, 2007 at 3:39 pm

    you will have several such directories exposed and having an index.html for every directory is not the right way to do it…

  8. Vijay

    December 28, 2007 at 8:54 pm

    I wonder who would be so careless as to store the zipped version in the theme dir! However, I ensure that my theme files are not accessible publicly! I am sure these tips can be useful to new users!

  9. Shivaranjan

    December 28, 2007 at 8:58 pm

    Good tip that can prevent you from simple geeks but as alfred said hackers would be easily bypass this.

  10. Ronald

    December 28, 2007 at 9:13 pm

    How if we set the .httaccess and addedd script like this : Options -Indexes ?

  11. Logesh

    December 28, 2007 at 9:58 pm

    I think using the .htaccess file is the best way. Because, as alfred has said some download managers could look into the directories, and adding robots.txt file will only protects from the search engines and not from the visitors. So i highly recommend to use a .htaccess file 🙂

  12. Haris

    December 29, 2007 at 12:43 am

    Can’t we CHMOD the folder and prevent anyone else from getting in it?

  13. nirmaltv

    December 29, 2007 at 1:12 pm

    I feel from the comments above, writing a rule in .htaccess may be the best option.

  14. Ronald

    December 29, 2007 at 3:41 pm

    I think to protect that directory, you can use a PHP script or .httaccess + .htpasswd file to prevent someone else download your themes/plugins.

  15. Garry Conn

    January 3, 2008 at 12:57 pm

    This will thwart the attempts from many… but most people are after your CSS. They can get the rest of what is needed just by right clicking and viewing source and capturing your div tags and etc… The ultimate way to prevent theme theft is to figure out a way to prevent people from gaining access to your CSS.

  16. nirmaltv

    January 3, 2008 at 2:31 pm

    I agree with you, there should be some way to prevent access to CSS files.

  17. Garry Conn

    January 3, 2008 at 2:52 pm

    Unfortunately, I don’t see how it is possible. Bloggers are all about having machine readable content. And unfortunately, bloggers are all about having this machine readable content looking pretty. CSS is nothing more than making regular text look styled and pretty.

    For bloggers that didn’t care about search engines and having their content machine readable, I wonder if it is possible to create a WordPress site written in Javascript?

  18. EvoWRZ

    August 17, 2008 at 11:19 pm

    Thanks for the tip, i did it in my blog.

  19. WelpWhelp

    November 24, 2009 at 3:45 am

    Impressive Article , I thought it was grand

    I look ahead to more similar postings like this one. Does your website have a subscription I can subscribe to for new postings?

    • Nirmal

      November 24, 2009 at 9:11 am

      There is option to subscribe to RSS or through email, you can see the options on right sidebar

  20. Angelina

    March 24, 2010 at 4:51 am

    interesting post and interesting comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More in Tips and Tricks

Recent Articles


Trending Articles

Latest in Windows 10

Subscribe to YouTube Channel

Like Us on Facebook


To Top