Options for Protecting Your Themes

Recently, it seems there has been some worry about file and theme piracy occurring at ThemeForest. On a positive note, this is a sign that ThemeForest continues to grow more successful each day, and the themes involved are in higher demand. On a very negative note, this unfortunately means some authors themes are being stolen and redistributed. Before I go any farther, I know what most of you are thinking, “There is absolute way to keep piracy from occurring on ThemeForest!”. I couldn’t agree with you more. However, while we cannot stop the piracy, we as authors can take certain steps to discourage theme piracy. Security and usability are two things that always must be balanced. Today, we will have a look at some options and steps you can take to deter file piracy.

Watermarking Images

One of the most obvious and frequently used methods of protecting your theme is adding a watermark to the screenshots and/or live preview. If you are watermarking a live preview, focus on the key elements and images that would be needed to copy the theme and watermark them well. Be aware a watermark does not guarantee that theme cannot be stolen, as someone skilled with photoshop could take the time to remove the watermarks using various tools and techniques.

Screenshot 1


  • Makes images on your live previews difficult to download and use in pirated files.
  • Easy to implement.
  • Can be extremely effective if used frequently throughout the live preview, as it is a lot of work to correct watermarks.


  • Watermarks can hamper the aesthetics of the theme and can leave the user wondering how it looks without the watermark.
  • Watermarks can still be circumvented by someone with some photoshop skills and time on their hands.
  • More time is required from you as you must take the time to properly watermark the preview and screenshots.

Watermark Resources

HTML Obfuscation

HTML obfuscation is the process of scrambling your html code through a tool or in some instances a Javascript file to make the HTML unreadable/confusing to humans. HTML obfuscation is rarely very effective and in a lot of cases can be more frustrating for a potential buyer.

Screenshot 2


  • Some less technically skilled will not understand how to copy/ reverse obfuscate your HTML code.


  • Firebug will automatically convert it to readable HTML in most cases, making it a lost cause if the user is aware of the firebug plugin.
  • A potential buyer may become frustrated if they are not able to view your coding techniques and practices.
  • If the tool uses Javascript to obfuscate the HTML, simply disabling Javascript will circumvent the obfuscation.
  • There are plenty of tools to ‘decrypt’ the obfuscation.
  • It is more work for you to go through before uploading a theme.


Taking a Screenshot of your Code

ne-design, an author on ThemeForest, brought up the idea in this thread, which discusses the concerns of piracy and a lot of members own ideas. Taking a screenshot of your own code my allow you to show readers some of your coding style, while forcing others to write it down manually.

Screenshot 3


  • May prevent others from directly copying and pasting your code while allowing buyers to view some of your code.


  • It is not awfully convenient to view a screenshot of code as opposed to the real thing.
  • Some buyers would prefer to view the entire source before committing to a purchase.
  • As always, if someone wants to, they just need to take the time to manually write it down.

Using code pasting services

Using code pasting services, such as pastie is similar to the screenshot technique as you are providing potential buyers with a section or part of the code. A code pasting service allows you to paste however much code you wish, and in turn will give you a link to a page that will always display the code entered.

Screenshot 4


  • Allows the user to get a feel for your style of coding and how your code looks.
  • Super easy to implement, does not take very long.


  • Obviously, anyone can copy and paste it and use as they like.
  • Some buyers would prefer to view the entire source before committing to a purchase (assuming you show only a section of your source).

Code pasting resources

Detect scrape bots with PHP

In case you weren’t aware, there are certain software programs exist solely for ’scraping’ a site and stealing the code, content, and images. This software makes the life of a pirate very easy. Luckily, these programs aren’t too reliable and tweaks and fixes will still need to be applied to the code that was scraped. Lets look at an example of a php script we could use to detect scrap bots on our live preview. I got this idea from tutorialtastic and their php secure mail form which has part of the script check for known bots. Here is the basic snippet:

$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";

if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {

Known spam bots are not allowed.


Now we can do a few different things with this. For one, we could simply redirect to a custom page where you can display your own message and log any details you like:

$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";

if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {
header("Location: http://yoursite.com/no_bots.html");

Or, we could just directly log the details and send the information to ourselves in an email like so:

$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";
//Setup IP check function
//Thanks to http://roshanbh.com.np/2007/12/getting-real-ip-address-in-php.html for the function below.
function getRealIpAddr()
if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
return $ip;
if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {
$botIP = getRealIpAddr();
$botDate = date("Y/m/d");
$botAgent = $_SERVER['HTTP_USER_AGENT'];
$yourEmail = "you@yoursite.com";
$yourSubject = "Bot Detected";
$yourMessage = "A bot was detected accessing your theme on " . $botDate . ". The IP address is suspected to be " . $botIP . " and the bot used was " . $botAgent . ".";
$from = "My Theme Script";
$headers = "From: $from";
header("Location: http://yoursite.com/redirect.html");

Fill in your details in the script above and add above any code in your current preview. If you get a headers already sent error, you are outputting info before the script. Again, it needs to be the absolute first thing on your page.


  • Allows you to monitor to some extent if custom scrape bots are accessing your theme, may allow you to contact the host depending on the IP accuracy.
  • May hamper or stop the attempt to scrape a preview using automated software.


  • Not be able to access your live preview with a bot might frustrate the ‘pirate’ even more, fueling him/her to find a way to obtain your theme. Pirates love a challenge and often it is much like a game for them to try and crack a theme or piece of software.
  • It certainly does not account for all bots, and a skilled user could change his user agent easily.

Asking nicely

I recently read an article on TorrentFreak titled How to Stop Warez Pirates? Ask them nicely. The article goes on to show the case of a single software developer whose software was being pirated and released to the public. Trey, the author of the software, simply wrote the people doing the pirating if there was any way they could come to some kind of agreement for them to stop distributing his software. He was calm, kind, and respectful in his email, and they returned the favor by taking down the torrent themselves.

Consider including a text file like ‘ToCaptainBlackBeard.txt’ (you’ll probably want to change the name):


If you are considering pirating this theme, there is nothing I can do to stop you at this point. However, I ask that you please consider that I am just a person trying to make some money doing what I love, designing themes. I am very flattered that my theme is popular enough to pirate, but I would greatly appreciate it if you would not re-distribute my theme. Thanks very much.



  • It just might work or have an impact on someone!


  • It gets ignored and piracy continues, it just depends on the individual.

Provide a full live preview with no anti-piracy techniques

Lastly, my favorite technique. Create a live preview with source code fully viewable for the world to see. Sure, it becomes much easier to pirate your theme. It also becomes a lot easier for buyers to purchase your theme, as they can feel more comfortable with live preview and full source code. We already know that no technique will stop piracy, so instead we will make it as easy as possible for people to make a decision to purchase it, increasing our overall buyer base. Usually, the most successful themes on ThemeForest use this ‘technique’.

Screenshot 5

What to do if your theme is pirated?

So, you just found one of your themes on a torrent site or being re-distributed somewhere. What do you do now? Fortunately, ThemeForest has taken care of this question for us in the ‘important guidelines regarding pirated files‘ thread. Basically there are three things to keep in mind.

  1. Immediately write Envato Support a letter informing them of the site you found to be hosting the file. Provide them a link to whatever files found.
  2. You can then write the actual website a letter explaining that they are hosting copyrighted material. Support will be doing this as well. So this step is optional, but every letter fighting this case helps.
  3. DO NOT under any circumstances posts links here to the websites that host our files. By doing this you are publicly advertising where others can go to find stolen files. This worsens the case.

Please note that I am fully aware that all techniques above can be circumvented one way or another. Absolutely nothing can stop someone from buying a theme and re-distributing it amongst themselves. This is just a reality we are forced to live and deal with. The above steps are meant to give you an idea of your options, not to stop people from buying it and re distributing it. Also be aware that Envato does deploy employees that do their best to find copyright violations and piracy occurring on the ThemeForest network.


  • Ben says:

    If you want to be hardcore, you can also obfuscate php & css as well! But I’m not sure you’ll sell many templates/themes after then.

    If I had a theme to protect, I would definitely put some irrelevant sentence inside it, like “paoeifuapoeinfupaiopeufa” and then make it display : none, and make a google alert for it.

    This parallel method should show you many other ways to protect your theme : that was just an exemple. For instance, you can also make a unique css class that won’t come out very often, and then check for it on specified search engines.

    Note : the code snippet you invoked here doesn’t recognize the snoopy class, which can also be a potential threat ;-)

  • Thomas says:

    Thats Very Nice! I like some ideas, i have been scammed a lot of times and i am in need of some good way to protect. Ty.

  • mary says:

    Thanks for the ideas. I am just now starting to learn how to create themes and this is an interesting read. I am still a long way from even thinking about selling themes and theme privacy, since any themes I create at the moment will probably be released free. But still, this is very useful information to have.


  • Those are great ideas. I am glad you shared those

  • James says:

    Obfuscation is near useless. You don’t even need Firebug to get passed it. Just ‘javascript:alert(document.body.innerHTML);’ in the address bar of your browser and voila!

    The fact is, all you’re going to do is slow thief’s down with the above methods. If you’re really that worried about it then stop selling files on Themeforest!

  • Jeff Adams says:

    @ James – I agree. 95% of the folks buying these themes aren’t John Doe, theor usually designers I would imagine and I’ll be perfectly honest I look at the code on some themes to find out how the author has done x or y but ultimately, it’s up to me to be creative and get people to buy it.

    If i see a theme i like, i’ll buy it on the basis that i’d like to know how it was made.

  • Amy says:

    I like Ben’s idea of putting some irrelevant sentence in the code. Never thought of that!

    I don’t bother doing any “protection” on themes personally…. Im under the impression that _most_ people are good :)

  • Drew says:

    @James-Yes yes. I stated twice in the article these are just options that are available to you, not steps you should take. Also note all the cons compared to pros listed for HTML obfuscation. I meant to make it obvious it was a bad choice.

    Nevertheless, quite a few members have and are using this technique, therefore it is an option, just not a great one.

  • baded says:

    I am very “brand-new” to this site and work and naive to the web. Much of my work I do is for under-served communities in education and has been done for free. Some of it has been “taken” by others and sold for profit, but I try to focus on what my purpose and goals are. I guess what I’m trying to say is I like the comments made by James and Amy. There are always going to be people who like the work you do and are the “wanna be’s” Thank you for what you do and I hope to learn and contribute…and buy!

  • Drew says:

    @babed-It’s great to have you with all of us on the site :)

    I agree with you, there are always going to be people who attempt and do steal your work, this post was just to give people and idea of their options and clear up what works best and what doesn’t.

  • kevinsturf says:

    I think a screenshot would be better, at least for me and the author gives a description of how it functions.

    Maybe I’m wrong or not but still, It would be a great idea.

  • Todd Rothman says:

    I think the best way to reduce piracy is to increase the value of the support for the purchaser. What I mean is that if the template comes with well documented support files the person may choose to purchase rather than pirate because it will make it easier to modify for their needs with a well documented support file than a pirated copy of the site.

    I have purchased many files off this site and what I look for unfortunately I dont know until after I purchased. So the quality of my former purchases drives whether I am likely to purchase or pirate in the future (sad but true fact especially for less talented developers/designers like myself)

    Here is what I find valuable as a consumer purchasing from theme forest

    1. Is the psd file easy to work with. Organized in folders and has a clear doc to explain stuff

    2. are the descriptions for modifying the html/source clear and concise

    3. if there is jquery in the source does the support doc clearly explain how to modify it

    4. Does the author respond to the thread for the template

    Here is how I think theme forest can contribute to the mission of reducing piracy:

    1. provide some sample support doc formats for authors to use

    2. provide a library of common descriptions for authors to use in there document (for example, jquery carousel is commonly found in scripts but the author may not want to write a paragraph about using it but if theme forest wrote it once or took it from a well defined example then everyone can copy and paste into their doc)

    3. Provide a secured forum for users that purchased a theme so everyone cannot read the threads about modifying the template. I notice many questions in the thread below the template. this is public so anyone (pirates included) that want to modify the template can ask questions and read answers. If the customer only gains full access to viewing the thread if you are a purchaser, then people cant get free help without buying the theme.

    I know it is a selling point to show the support for the theme but Perhaps the author of the theme can select if their answer is public or private if private the user must login to view the answer and authentication occurs to verify if the user purchased the theme first.

    4. Incentive piracy reporting. perhaps make it clear similar to the “report this file” button located next to themes that you can get this theme for free or a discount if you report copyright infringement and the author or whoever can verify it is true that the file is pirated elsewhere. This will at least leverage the community including pirates to disclose occurrences of piracy usage.

    following this logic, Theme Forest should disclose the success of catching pirates. don’t provide links to sites where piracy occurred but brag about how “theme forest has cracked down on the piracy thanks to the community effort”. This will perhaps influence the thinking of future pirates.

  • myows says:

    this is a great article – bookmarked !

    We love the “stay calm” recommendation, loosing your cool never helps !

  • WatcherLV says:

    Some ideas are very useful. Thanks!

  • TJ says:

    Great, original article. Thanks, Drew!

  • Nate says:

    Great article.I Just realized you can:

    ZIP Theme.
    Upload 2 Rapishare (or others).
    Post Link on Web.

    I saw some kind of technique to put a (obfuscated) thing like kbksdfjksfe before the , assign a class to it, make it display:none, and sell it like that. Then google for that in the code for something.

  • Nate says:

    Sorry for double comment. After the list I ment:
    I saw some kind of technique to put a (obfuscated) thing like kbksdfjksf in a span tag, before the end body tag or , assign a class to it, make it display:none, and sell it like that. Then google for that in the code for something.

  • Matt says:

    I don’t mean to sound sympathetic to piracy, nor sound like I’m against ThemeForest, as I hope to join the business myself. Though, most of the people pirating the themes are unlikely to pay for the themes in the first place. This is basically the battle of vBulletin vs. black beard.

    The best way I can think of to stop piracy is to implement the broker-call system. The seller, the one creating the themes, calls the broker, Themeforest, in the suspicion of a user stealing the themes. ThemeForest contacts the user for credentials and proof that they have rights to use the theme, i.e. the “receipt”. In this process, keep a database of registered domain’s OK’d by the buyer and register them if they are legit (not registered for some reason). If the user is not allowed to use the theme, file a complaint with the ISP and/or hosting provider on the grounds of piracy. It’s not sure-fire, but it’s better than leaving it alone.