Stopping people stealing your web page


This handy bit of javascript will deter people from saving your website to their own computer and using it (or parts of it) in their own web project. This was developed for authors who are worried about their theme been shared illegally. 

See the forum post here:

This is only a deterrent – used to display a message to the user saying they should purchase the website theme instead of using the live preview. You will be notified by email when someone uses your theme.

If someone knows what they’re doing they can bypass this deterrent, but by that stage you should be notified that they are using the theme. 


Step #1 is to upload a PHP script to your website.
Step #2 is to add a piece of javascript to your theme preview.

Step #1 – Upload The PHP Code:

Upload the below PHP code to a file called steal.php on your website (eg:

Just upload it once somewhere (no need to upload it once per theme or anything), all the themes will talk back to this single php script.


// Change these three options below:
$your_email_address = '';
$your_envato_username = 'YourName';
$only_report_uploads = false;
// if you change 'only_report_uploads' to true, this script will only
// notify you and the user once they upload your theme to a website.
// it will NOT notify you if they just save it to their local computer.
// this will allow you to catch someone 'using' your theme, not just saving
// it to their desktop.

    <div style="text-align:center;">
    <div style="margin:40px; padding:10px; border:1px solid #CCC;">
    <div style="background-color:#FF0000; color:#FFFFFF; padding:6px;
    font-size:20px; font-weight:bold;">Warning: Illegal Theme Usage Detected</div>
    <p>Sorry, the website Theme you are trying to use does not have a valid license.</p>
    <p>Please purchase this theme through
    <a href="<?php
echo $your_envato_username;?>/portfolio">ThemeForest</a>
    to obtail a valid license (and the correct version of this theme)</p>
    <p>Your <strong>IP Address</strong> has been logged.</p>
    <pre><?php echo htmlspecialchars($_REQUEST['ipaddr']);?></pre>
    <p>Your <strong>Installation Location</strong> has been logged.</p>
    <pre><?php echo htmlspecialchars($_REQUEST['install']);?></pre>
    <p>This information has been emailed through ThemeForest for investigation.</p>
    <p>We strongly recommend you remove any copy of this theme from your website or
    computer <strong>immediately</strong>.</p>
    <p>Please contact us through
    <a href="<?php echo $your_envato_username;?>">ThemeForest</a>
    if you have any questions.</a>

    // quick hack to find out if this has been uploaded.
    $url_parts = parse_url($_REQUEST['from']);
        exit; // hasn't been uploaded, die.
$hash = md5($_REQUEST['theme'].$_REQUEST['from']);
if(preg_match('/',$_REQUEST['from']) ||
    (isset($_SESSION[$hash]) && $_SESSION[$hash] > time() - 30)){
    exit; // ignore requests from google translate,
    //  and any duplicate requests (dont want this script to spam)
// this sends you an email letting you know that someone used the theme:
$message = "Someone is using a copy of your Theme preview: nn";
$message .= "Theme Name: ".$_REQUEST['theme']."nn";
$message .= "Used Location: ".$_REQUEST['from']."nn";
$message .= "IP Address: ".$_SERVER['REMOTE_ADDR']."nn";
$message .= "Browser Type: ".$_SERVER['HTTP_USER_AGENT']."nn";
$message .= "Date/Time: ".date("Y-m-d H:i:s")."nn";
mail($your_email_address,"Theme Copyied",$message);

// also send this message through themeforest (hehehe! tricky)
// so if they are logged into themeforest at the time they copy
// your theme, you will get a message from their profile :P
// and you can see if they have purchased your item or not.

// below html never shows, just displays in a hidden iframe on theme.
<h1>Theme Disabled - Please contact theme author through ThemeForest</h1>
<form action="?display_message=true" method="post" id="cont" target="_top">
<input type="hidden" name="ipaddr"
value="<?php echo htmlspecialchars($_SERVER['REMOTE_ADDR']);?>">
<input type="hidden" name="install"
value="<?php echo htmlspecialchars($_REQUEST['from']);?>">
<input type="submit" name="continue" value="Continue">
<iframe src="<?php
echo $your_envato_username;?>/send_message?message=<?php echo urlencode($message);
?>" style="width:0; height:0; display:none;" width="0" height="0" frameborder="0"></iframe>
<script language="javascript">

Step #2 – Add The JavaScript Code to your preview:

Add this to every page of your theme preview (ONLY THE THEME PREVIEW – NOT THE FILES YOU UPLOAD TO SELL!). Make sure you change all the bold bits. 
You can also add this to the end of any javascript (eg: jquery.js) files (without the <script> tags) to make it a little harder for people to remove.

<script language="javascript" type="text/javascript">
var theme_name = 'Type Your Theme Name Here';
 && typeof document.getElementById('themenoticeframe') == 'undefined'){ 
   document.write('<if'+'rame src="');
   document.write('&from='+window.location.href+'" frameborder="0"');
   document.write(' id="themenoticeframe"');
   document.write(' style="width:0;height:0;display:none;"></if'+'rame>');

Feel free to paste this javascript code into an online obfuscator like this one so that the code is harder for people to read.

How it works

It’s quite simple, the javascript just checks that your website is really running on your domain name (and not on someone elses domain name or computer)

Every time someone tries to open your theme from their local computer (ie: they have file->save-as’d your preview) or if they try to upload your theme to another website address, you will be notified 🙂 

Once you’ve followed the instructions above, go to your theme preview in a web browser and choose File > Save As. Save your theme to your desktop, and open one of the html files in a web browser. Tada! 

Feel free to modify the code to store incidents in a mysql database etc.. 

Leave a Reply

Your email address will not be published.