I want to rename WordPress theme folder to different name for some security reasons.
I have downloaded a theme from WordPress theme directory (abc) and i renamed it to (xyz). My question is that does (xyz) theme will get automatic update from WordPress or not? Does it good to rename WordPress theme to different name? or is it a bad idea?
Renaming the theme is unlikely to do any good. The theme might break and you may miss out on (security) updates. And it most likely won’t help you really obscure the theme, because often enough the name will leak in names of id’s, classes and so on.
In stead, you should wonder: what are hackers looking for? That might not be the theme template files, but a script that is included in the theme, such as in the notorious Tim Thumb case. More in general, exploiting weaknesses that are particular for one theme are a waste of time for hackers, because the time it takes to find the weakness doesn’t weigh up to the chance that they will succeed. Only very, very popular themes might warrant that.
More likely, hackers will look for vulnerabilities in popular plugins or (jquery) libraries. Right now, a vulnerability in WordPress Core is being patched hastily around the globe to prevent exploits. Check for general vulnerabilites if your sites get hacked frequently. Or as @MarkKaplun notes, make sure your hosting party knows what it is doing. Concentrating on the theme leads you to miss out on more likely sources of hacks.
Update: read this discussion for more information on renaming themes and this one for more on security.
It depends on the reason you want it to be renamed. In theory no one except the wordpress.org stuff knows what parameters are being used to match theme detail with the themes in the repository, and it might be a combination of name and directory name, so if you want to be sure it will not be updated you should change both, and change it to something unique.
As for security…. if the theme is not secure, it is not secure in all directories and you should just not use it.
My question is that does (xyz) theme will get automatic update from WordPress or not? Does it good to rename WordPress theme to different name? or is it a bad idea?
It will not get the auto-update once you rename it. I tested this a week ago, and I can confirm.
This is your decision. The theme should work.
If you have problems once you rename the folder, this may mean that the theme is low quality.
There are reasons pro and contra. I know the theme updates may cause the problems to the website layout and functionality, and from another side you may not get the latest features, and security updates. Everything is a trade.
Yes you can rename the theme you have downloaded from wordpress directory. But this may lead issues to the site in case the theme is updated.
In case of you update the name please check following things
1. Rename the folder of the theme in wp-content/themes
2. rename theme name from style.css in the root folder of the theme.
3. Also cheange the theme-URI in the style.css so there might not be any issues of future upgrades on your wordpress
The best thing to do is create a child theme and call it whatever you’d like. The parent theme will continue getting updates
No, it is not, for various reasons, but fundamentally it’s a security via obfuscation, a misleading/bad concept
I have downloaded a theme from WordPress theme directory (abc) and i renamed it to (xyz).
Great, .org plugins have a review process and get taken down or adjusted if there’s something truly awful, so no hidden surprises. They aren’t necessarily 100% secure but if you’re not comfortable doing a manual code review it’s a good place to start.
Bonus tip: The themes on WordPress.com have gone through a more vigorous review process and are all available on .org or elsewhere
My question is that does (xyz) theme will get automatic update from WordPress or not?
No, and for this reason alone I would not do this, you won’t recieve security updates
Does it good to rename WordPress theme to different name?
No, security is not improved by doing this, your site is just as insecure
or is it a bad idea?
Yes, I would say it is a bad idea, for a number of reasons
Nobody checks the name of the theme folder. They don’t even check that you’re running WordPress. Everyday your site will have exploits fired at it, for older WP versions, Drupal exploits, Joomla exploits. It’ll get exploits used on it that have nothing to do with websites too.
Attackers don’t care that you’re running WordPress, and nobody will go to the effort of hacking a site themselves. 99% of the process is automated. So why wait for a site to respond to figure out which versions of which software it’s running? Fire and forget, use all the hacks and if any of them worked then it’ll ping you back saying so.
No, this will not protect you, it may even make you complacent thinking you’re more secure than you really are, and it can sabotage future security by preventing security updates from .org, and breaking poorly built themes
The same is true of plugins