How to block access to template files in PrestaShop
By default, anybody can open or download the template files of the themes that you have installed in your PrestaShop. You can prevent this and protect your template files very easily by putting a rule in the .htaccess file that's in the root PrestaShop directory on your PrestaShop hosting account.
If, for example, your PrestaShop is installed in a folder called prestashop in the root public_html directory on your hosting account, the .htaccess file should be in public_html/prestashop. By default, there's no .htaccess file in the root PrestaShop directory. One way to create the file is to generate it from the backend of your store.
To do this in PrestaShop versions older than 1.5, log in to the back office of your store, click on the Tools tab, then on the Generators sub-tab, and on the page that opens click on the button Generate .htaccess file (before that, you can also select the options that add some optimization and friendly URL rules to the file).
In PrestaShop 1.5 and newer versions this is done differently. Go to the Preferences menu > SEO & URLs sub-menu; on the page that opens, find the Set Up URLs panel, enable the Friendly URL option and click on the Save button.
Otherwise, another way to create the file is from the Files section of the Pixie control panel. Just go to the root PrestaShop directory, click on the Create File button on the left, type .htaccess in the field that's provided and save the file.
Whichever way you do it, after the file is created, edit it by adding the following rule on a new line in the file:

    <Files *.tpl>
    order deny,allow
    deny from all
    </Files>

You can edit the file from the Files section of the Pixie control panel (just click on the name of the file), or you can download it, then edit it with a text editor (e.g. Notepad) and upload it back.
As we mentioned, you can generate an .htaccess file with some rules in it from the backend of your store. If you regenerate the file after you have put the rule for the template files in it, the old file will be replaced, and thus the rule will be removed. So if you regenerate the file, you'll have to manually add the rule for protecting the template files again.
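
Because regenerating the file removes the rule, it helps to have a repeatable way to put it back. The script below is an added example, not part of the original article: it appends the rule given above only when it is missing, and includes a check that a template URL is answered with 403. The function names, the script name and the path and URL arguments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the
# arguments passed to them are assumptions chosen for illustration.
# Note: order/deny is Apache 2.2-style syntax; Apache 2.4 honours it only
# when mod_access_compat is loaded.

# ensure_tpl_rule FILE
# Append the page's <Files *.tpl> block to FILE unless it is already there.
ensure_tpl_rule() {
    htaccess=$1
    [ -n "$htaccess" ] || { echo "usage: ensure_tpl_rule FILE" >&2; return 1; }
    [ -e "$htaccess" ] || : > "$htaccess"      # create the file if missing

    # -F: fixed string, so "*" and "." are literal; -i: directives are
    # case-insensitive. A differently spelled block is not detected.
    if grep -qiF '<Files *.tpl>' "$htaccess"; then
        echo "rule already present in $htaccess"
        return 0
    fi

    # If the last line has no trailing newline, add one so the block
    # starts on a new line instead of being glued to the previous rule.
    if [ -s "$htaccess" ] && [ -n "$(tail -c 1 "$htaccess")" ]; then
        printf '\n' >> "$htaccess"
    fi

    cat >> "$htaccess" <<'EOF'
<Files *.tpl>
order deny,allow
deny from all
</Files>
EOF
    echo "rule added to $htaccess"
}

# tpl_is_blocked URL
# Succeeds only if the server answers 403 Forbidden for a template URL
# of your own shop (needs curl and network access).
tpl_is_blocked() {
    status=$(curl -s -o /dev/null -w '%{http_code}' "$1") || return 1
    [ "$status" = "403" ]
}

# Run as: sh ensure_tpl_rule.sh public_html/prestashop/.htaccess
if [ "$#" -gt 0 ]; then
    ensure_tpl_rule "$1"
fi
```

Running it again after each regeneration of the .htaccess file is safe, since an existing rule is left untouched.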