I was browsing the prestashop forum and ended up on a thread concerning an issue with people stealing a site design by downloading the template files from the theme directory. It struck me that this is probably something that those of you who use other template systems with your sites may also face, so thought I’d post the solution here too.
The problem is that although php files cannot be viewed directly on your browser, other source files can be e.g. files ending in .tpl
For example take a look at the following file that has the default permissions:
The best way to protect your site is to change the permissions on these files to 600. This will make them accessible only by your own code on the server and present anyone nosey enough to try and look at them with a 403 (forbidden) error. The same is true for php files (although these shouldn’t display the source unless your server configuration is broken).
Have a look at this file with the permissions set to 600: