Open Ticket 
+373 79 600002 
Telegram Live Chat 
F.A.Q 
English
Русский 
Română 
Deutsch 
Français 
Türkçe 
Español 
Português 
Українська 
български 
Polski 
Indonesia 
中文 (中国) 
CMSHow to Discover Which WordPress Theme a Site Is Using
Identifying the WordPress theme running on any website comes down to one core principle: WordPress stores all theme assets under a predictable directory path — /wp-content/themes/[theme-slug]/ — and that path leaks into the rendered HTML, CSS references, and HTTP responses in multiple places. Once you know where to look, detection takes under two minutes with no special tools required.
This guide covers every reliable detection method, from automated online detectors to raw HTTP header inspection, including the edge cases where themes are deliberately obfuscated and what you can still extract in those scenarios.
Why Identifying a WordPress Theme Matters
Beyond simple curiosity, theme identification serves several legitimate professional purposes:
- Design research: Replicate a layout or UI pattern by sourcing the exact theme rather than rebuilding it from scratch.
- Competitive analysis: Understand the technology stack of competitors in your niche.
- Security auditing: Verify whether a site you manage or assess is running an outdated or vulnerable theme version.
- Client onboarding: When taking over a WordPress site without documentation, theme detection is often the fastest way to reconstruct the stack.
- Plugin compatibility checks: Many premium themes bundle specific plugins; knowing the theme helps predict the full dependency tree.
If you are building or migrating a WordPress site — whether on Shared Web Hosting or a fully managed VPS Hosting environment — knowing the exact theme slug is essential before you can replicate a design or audit an inherited installation.
Method 1: Automated Online Theme Detectors
Automated tools are the fastest starting point. They parse the page source, resolve CSS and JavaScript asset URLs, and cross-reference known theme databases to return structured results in seconds.
What WordPress Theme Is That (whatwpthemeisthat.com)
This is the most widely cited detector. It returns the theme name, version, author, theme URI, and a list of active plugins detected from enqueued scripts and stylesheets.
How to use it:
- Navigate to
whatwpthemeisthat.com. - Paste the full URL of the target site into the input field.
- Click Search.
- Review the returned theme card — it includes a direct link to the theme's repository or purchase page.
Limitation: If the site uses a heavily customized child theme or has renamed the theme directory, the tool may return the parent theme name or fail entirely.
WPThemeDetector (wpthemedetector.com)
WPThemeDetector goes a step further by also cataloguing active plugins alongside the theme. It is particularly useful when you want to understand the full plugin ecosystem, not just the theme.
How to use it:
- Go to
wpthemedetector.com. - Enter the target site URL.
- Click Experience the magic of WPTD.
- The results page lists the active theme and up to 20 detected plugins with links to their WordPress.org entries.
Limitation: The free tier rate-limits requests. For bulk analysis, manual inspection is more practical.
IsItWP (isitwp.com)
IsItWP combines theme detection with a broader technology fingerprinting scan. It confirms whether the site is running WordPress at all before attempting theme identification — useful when you are unsure whether the target is even a WordPress installation.
Method 2: Inspecting the Page Source Directly
When automated tools fail or return ambiguous results, the page source is the ground truth. WordPress injects the active theme's stylesheet as a <link> tag in the <head> section of every page by default.
Viewing Raw Page Source
- Open the target site in any browser.
- Press
Ctrl+Uon Windows/Linux orCmd+Uon macOS to open the raw source in a new tab. - Press
Ctrl+F(Windows/Linux) orCmd+F(macOS) to open the find bar. - Search for the string
wp-content/themes/.
You are looking for a line structured like this:
<link rel='stylesheet' id='theme-name-css'
href='https://example.com/wp-content/themes/theme-slug/style.css?ver=3.2.1'
type='text/css' media='all' />The segment between /wp-content/themes/ and the next / is the theme directory name (also called the theme slug). This is the canonical identifier used in the WordPress theme repository and by theme developers.
Pro tip: The ?ver= query parameter often reveals the theme version number, which is critical for security auditing. Cross-reference this version against the theme's changelog to determine whether it is current.
What the style.css Header Tells You
Once you have the theme slug, you can access its stylesheet header directly by constructing the URL manually:
https://example.com/wp-content/themes/theme-slug/style.cssThe top of a well-formed WordPress theme stylesheet contains a structured comment block that functions as the theme's metadata manifest:
/*
Theme Name: Astra
Theme URI: https://wpastra.com/
Author: Brainstorm Force
Author URI: https://www.brainstormforce.com/
Description: Astra is fast, fully customizable & beautiful WordPress theme...
Version: 4.6.11
License: GNU General Public License v2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
Text Domain: astra
Tags: custom-background, custom-logo, custom-menu, ...
*/This block gives you the exact theme name, version, author, and license — everything you need to locate the theme's official source.
Security note: Some hardened WordPress configurations block direct access to theme files via .htaccess rules or NGINX location blocks. If you receive a 403 Forbidden response, the site administrator has explicitly restricted directory traversal — a good security practice.
Method 3: Browser Developer Tools for Deep Inspection
Browser DevTools provide more granular control than raw source viewing, especially when a page is assembled dynamically or assets are loaded asynchronously.
Using the Elements Panel
- Right-click anywhere on the target page and select Inspect (Chrome, Firefox, Edge).
- In the Elements tab, press
Ctrl+Fto search within the DOM. - Search for
wp-content/themesto highlight all matching nodes. - Examine the
hrefattributes of<link>tags andsrcattributes of<script>tags — both will contain the theme slug.
Using the Network Panel
The Network panel is the most reliable method when a site uses JavaScript-rendered content or defers stylesheet loading:
- Open DevTools and switch to the Network tab.
- Filter by CSS or All.
- Hard-reload the page with
Ctrl+Shift+R(Windows/Linux) orCmd+Shift+R(macOS). - Look for any request whose URL path contains
/wp-content/themes/. - Click the request to inspect response headers — the
Last-Modifiedheader can also hint at the theme's update history.
Reading HTTP Response Headers
Some WordPress configurations expose the X-Powered-By or custom headers that reference the theme or framework. In the Network panel, click any page request and examine the Response Headers section. While this is rarely conclusive on its own, it can corroborate findings from other methods.
Method 4: Checking the Footer for Theme Credits
Many free and freemium WordPress themes include a "Powered by" attribution link in the footer as a condition of their free license. This is the lowest-effort detection method when it applies.
Scroll to the very bottom of the target page and look for text patterns such as:
Powered by [Theme Name]WordPress Theme by [Developer Name][Theme Name] by [Author]
These credits typically link directly to the theme's official page. However, premium themes and any site where the owner has removed footer credits — which is permitted under GPL and most commercial licenses — will not display this.
Edge case: Some theme developers require footer credit retention as a condition of the free license. Removing it without purchasing a premium license technically violates the license terms. If you see no footer credit, the site is either running a premium theme or the owner has paid to remove attribution.
Method 5: Detecting Child Themes and Parent Theme Relationships
A critical nuance that most detection guides omit: child themes are extremely common in production WordPress sites, and they fundamentally change what you find in the source.
When a site uses a child theme:
- The active stylesheet
hrefpoints to the child theme directory (e.g.,/wp-content/themes/astra-child/style.css). - The child theme's
style.cssheader contains aTemplate:field that identifies the parent theme. - Both directories exist on the server simultaneously.
Example child theme header:
/*
Theme Name: Astra Child
Template: astra
Version: 1.0.0
*/The Template: astra line is the definitive indicator. The parent theme — astra in this case — is the one that contains the core functionality and design system. The child theme only overrides specific templates or styles.
What this means for you: If you want to replicate the design, you need the parent theme, not the child. If you want to understand the customizations, you need both.
Method 6: Using WP-CLI on Accessible Servers
If you have SSH access to the WordPress installation — for example, on your own VPS Hosting environment or a Dedicated Server — WP-CLI provides the most authoritative theme information available:
wp theme list --path=/var/www/html/wordpressSample output:
+------------------+----------+-----------+---------+
| name | status | update | version |
+------------------+----------+-----------+---------+
| astra | active | none | 4.6.11 |
| astra-child | active | none | 1.0.0 |
| twentytwentyfour | inactive | available | 1.1 |
+------------------+----------+-----------+---------+For a site you are auditing remotely without SSH access, this method is unavailable — but for your own installations, it is the definitive source of truth and also reveals inactive themes that may represent an attack surface if left unpatched.
Method 7: Querying the WordPress REST API
WordPress exposes a REST API by default. On many unmodified installations, the following endpoint returns theme-related data embedded in the site's general information:
https://example.com/wp-json/wp/v2/themesImportant caveat: Since WordPress 5.7, this endpoint requires authentication — unauthenticated requests return a 401 Unauthorized response. However, the general site info endpoint sometimes leaks theme data:
https://example.com/wp-json/Look for the gmt_offset, timezone_string, and occasionally theme-related metadata in the response JSON. This is an inconsistent method but worth checking on older or misconfigured installations.
Handling Obfuscated or Hardened Sites
Some WordPress installations are deliberately configured to obscure theme identity. Here is what each countermeasure looks like and what you can still determine:
| Obfuscation Technique | What It Blocks | What Still Leaks |
|---|---|---|
| — | — | — |
| Renamed theme directory | Directory name in URLs | `style.css` Theme Name field if accessible |
| Blocked `/wp-content/` access | Direct file URL access | Enqueued asset fingerprints in page source |
| Minified/concatenated CSS | Individual file paths | Combined asset URL may still contain theme slug |
| Custom `wp-content` directory path | Default path detection | New path visible in page source asset URLs |
| Disabled REST API | API-based detection | Page source and footer credits unaffected |
| Removed footer credits | Footer attribution | Source code inspection still works |
| CDN-proxied assets | Origin server paths | CDN URLs may still contain theme slug segments |
No single countermeasure blocks all detection vectors simultaneously. A site would need to implement all of the above to be effectively opaque — which is operationally impractical and would break legitimate functionality.
Comparison: Theme Detection Methods at a Glance
| Method | Technical Skill Required | Works Without Server Access | Detects Child Themes | Detects Theme Version | Speed |
|---|---|---|---|---|---|
| — | — | — | — | — | — |
| Online detector tools | None | Yes | Partial | Sometimes | Very fast |
| Page source inspection | Low | Yes | Yes | Yes (via `?ver=`) | Fast |
| Browser DevTools (Elements) | Low | Yes | Yes | Yes | Fast |
| Browser DevTools (Network) | Medium | Yes | Yes | Yes | Medium |
| Footer credit check | None | Yes | No | No | Instant |
| `style.css` direct access | Low | Yes | Yes | Yes | Fast |
| WP-CLI (SSH access) | High | No | Yes | Yes | Very fast |
| REST API query | Medium | Yes (limited) | No | No | Fast |
Practical Considerations When Using a Detected Theme
Once you have identified the theme, several downstream decisions follow:
Licensing: Most WordPress themes are GPL-licensed, which permits free redistribution. However, premium themes sold through marketplaces like ThemeForest use split licensing — the PHP code is GPL, but bundled assets (images, fonts, JavaScript libraries) may carry commercial licenses. Purchasing a legitimate license is the correct path.
Version matching: If you are replicating a design, match the exact version you detected. Newer versions may have significantly different layouts or removed features.
Plugin dependencies: Themes like Divi, Avada, and Elementor-based themes rely heavily on companion plugins. The theme alone will not reproduce the design without the corresponding page builder and its saved templates.
Performance implications: If you are deploying the identified theme on your own infrastructure — whether on a VPS with cPanel or a bare VPS Hosting instance — benchmark the theme's asset weight before committing. Some popular themes load 500KB+ of unoptimized CSS and JavaScript by default.
SSL and mixed content: When moving a detected theme to a new domain, ensure your new environment has a valid SSL Certificate configured. Themes that hardcode http:// asset paths will trigger mixed content warnings on HTTPS sites.
Decision Matrix: Which Method to Use
Use this matrix to select the appropriate detection method based on your situation:
- You need a quick answer with no technical setup: Use an online detector (whatwpthemeisthat.com or wpthemedetector.com).
- The online tool returns no result or an incorrect result: Fall back to page source inspection and search for
wp-content/themes/. - The page source shows a child theme but you need the parent: Access the child theme's
style.cssdirectly and read theTemplate:field. - You need the exact version for a security audit: Combine the
?ver=parameter from the enqueued stylesheet URL with directstyle.cssheader inspection. - You have SSH access to the server: Run
wp theme listvia WP-CLI for authoritative, complete results including inactive themes. - All CSS paths are obfuscated or blocked: Check the Network panel for any asset URL containing a recognizable theme slug, then verify via the REST API if the endpoint is open.
- You are auditing your own WordPress installation: Use WP-CLI on your VPS Control Panel environment for the most complete picture, including update availability status.
Key Technical Takeaways
- The canonical detection signal is the
/wp-content/themes/[slug]/style.csspath embedded in page source<link>tags. - Child themes are identified by a
Template:field in theirstyle.cssheader pointing to the parent theme slug. - The
?ver=query parameter on enqueued stylesheets frequently exposes the theme version number. - WP-CLI's
wp theme listcommand is the only method that reveals inactive (and potentially vulnerable) installed themes. - Renaming the theme directory breaks automated tools but not manual source inspection if the CSS file remains accessible.
- No single obfuscation technique prevents all detection vectors; a determined analyst with browser DevTools will find the theme slug in most cases.
- Always verify licensing before deploying a detected theme on a production site — GPL code freedom does not extend to all bundled commercial assets.
Frequently Asked Questions
Can a WordPress site hide its theme completely from detection?
Not practically. Even with directory renaming, blocked file access, and CDN proxying, the theme slug typically appears in at least one enqueued asset URL in the page source. Complete obfuscation would require serving all CSS inline and removing all file-path references — which breaks standard WordPress theme architecture.
What is the difference between a theme slug and a theme name?
The theme name is the human-readable label defined in the style.css header (e.g., "Astra"). The theme slug is the directory name on the server (e.g., astra). These are usually similar but not always identical — premium themes sometimes use slugs that differ from their display names. The slug is what matters for WP-CLI commands and direct file access.
Why do online theme detectors sometimes return the wrong theme?
Most detectors parse the first /wp-content/themes/ reference in the page source. If a child theme is active, they return the child theme name rather than the parent. Additionally, if a site uses a CDN that rewrites asset URLs, the detector may fail to find any WordPress-specific path at all.
Does detecting a theme work on headless WordPress setups?
No. In a headless WordPress architecture, the front end is decoupled from WordPress — it is typically a React, Next.js, or Vue application served from a separate origin. The WordPress theme is only used in the admin backend and does not render to the public-facing HTML. Theme detection via page source inspection will find the front-end framework, not the WordPress theme.
Is it legal to use a theme identified on another site?
It depends on the license. Free themes on WordPress.org are GPL-licensed and can be freely used. Premium themes require a valid purchase license per the developer's terms. Using a premium theme without a license — even if you obtained the files through other means — violates the developer's terms of service and, in some jurisdictions, copyright law covering non-PHP assets bundled with the theme.