diff --git a/.htaccess b/.htaccess
index 9a69c7655638293c947c4766136618c440128320..99b737c982060112f0a29c656fca52f11a4ae287 100644
--- a/.htaccess
+++ b/.htaccess
@@ -21,6 +21,12 @@
   deny from all
 </Files>
 
+# Protect theme directories:
+<Files *themes>
+  order deny,allow
+  deny from all
+</Files>
+
 # Customized server error messages:
 ErrorDocument 400 /error.php
 ErrorDocument 402 /error.php