Updated WordPress Requirements

Today we’re announcing a comprehensive update to our WordPress theme requirements for CodeCanyon, ThemeForest, Envato Hosted and Envato Elements.

Over the course of the last few years, the WordPress landscape at Envato has changed. With the introduction of new platforms like Envato Hosted and Envato Elements, along with changes to best practices for WordPress and development generally around the world, our team of WordPress reviewers and specialists have been working on a significant update to our WordPress requirements.

With the introduction of these new ways for authors to earn, we approached our requirements for WordPress with a view to harmonize our requirements. In practical terms, this means creating one set of requirements that all platforms across Envato’s ecosystem can use.

The new requirements are available now through the Author Help Center. We have outlined the major changes below, but strongly recommend all authors take the time to carefully read and understand the detail.

Purchase Verification

Previously we haven’t had firm rules around ‘keygates’ that block access to functionality until a purchase has been verified. This leads to an inconsistent experience for customers, so we’ve now added a requirements section covering this.

With the new rules, only the following features can be put behind a keygate:

  • Updates
  • Importing demo content
  • Installing bundled plugins

Importantly, if purchase verification is implemented, users must be able to unlock the item using the Purchase Code. An Envato Market API token may be used as well, but the Purchase Code must unlock the item. This is essential for automation we use for review and granting customers access to items available on other Envato products.

There are also new requirements around notifications / messages and storing the Purchase Code in the options table.

TGM PA must be used for included plugins

If you include plugins with your theme, you must use a TGM Plugin Activation based solution to allow users to install the plugin.

This means you can no longer use your own plugin management mechanism (unless it’s based on TGM PA). It also means that if you do not currently provide a plugin management solution at all, you now need to provide one.

Data Privacy

There are now rules about transmitting data to a third-party server, including your server. The user must now be informed of what will be transmitted and they must opt-in to it.

Gutenberg rules

There are now requirements around supporting Gutenberg, the new WordPress editor. You need to meet these requirements, even though Gutenberg is still in plugin form and not yet merged into core. This will position your theme well to work with the WordPress of the future. Although Gutenberg is still changing, our requirements for themes are unlikely to be affected.

Envato version of Theme Check plugin

We have released an Envato version of the Theme Check plugin, which should be used instead of the original. Please run this on your theme before uploading it. All of our reviewers will use this version and it has been modified to better reflect our latest requirements.

Any results marked as Required must be resolved, as the theme will be rejected for these. Results marked as Warning, Info and Recommended may still result in rejection, but will be considered by a reviewer.

Offloading Plugins to your server

You are now allowed to offload plugins to your server in order to reduce the size of the installable WordPress format zip file. You must still include the plugins elsewhere in the main zip file.

Timeline for implementing the new requirements

All themes, regardless of when they were first approved on ThemeForest, will need to be compliant with the new requirements.

For new items, we will start applying the requirements from next week. In other words, a week from today, all newly submitted items will be reviewed using these new requirements.

Authors with existing items will have twelve months to be fully compliant with the new requirements but we are hoping to see many authors get ahead and update as soon as possible.

Process for checking compliance of existing items

We’re currently exploring ways to increase the visibility of authors whose items are compliant. This includes changes to our search algorithm to give preferential treatment to those authors who meet the new requirements.

To take advantage of these new benefits, when all of your items are up-to-date, we will soon be introducing a way for you to nominate yourself and your items for review against the new requirements.

We will then review a cross section of your items and if all of them meet the new requirements, you will be eligible to receive our compliance benefits. If we find a small number of issues, we’ll let you know and ask you to fix them so you can become eligible.

If we find too many issues, we’ll ask you to go through all your items and make sure they meet the requirements. A second request for review can be done using the same form but there is a three month delay before the second review will be carried out.

We’ll do our best to review authors and items as quickly as we can but there may be some delays as demand for review grows.

Next Steps

There’s a lot to process with these new requirements and our team is standing by to help you understand things if they are not clear. We’ll be actively monitoring this thread for the next 14 days, responding to questions in batches. Please remember our community guidelines as you post.

Helpful Links

WordPress Theme Requirements
WordPress Plugin Requirements


Wow, big change.
But is there any library or code snippet to add purchase verifying faster?


Purchase Verification is not required, right?

I mean, currently we don’t use it in our theme, and is it ok to leave them without Purchase Verification?
If I understand, this part has to do only with authors who already have some kind of Purchase Verification.


From what James outlined above, purchase verification is now required.

Importantly, users must be able to unlock the item using the Purchase Code.

English is not my main language, and how I understand this:

users must be able to unlock

(not required)

users must unlock


But, we will wait for an official answer :slight_smile:


This may need to be updated so it’s a little clearer. Key gates are NOT required (actually recommend against key gates completely). However if you choose to implement a keygate then it must support unlocking with a purchase code. Best user experience is no key gates at all :slight_smile:


These new guidelines regarding the things that can be put behind a keygate or how notifications can be displayed will basically encourage (ill-intended) people to buy the item and distribute it to other people. We cannot display a non-dismissible message that can convince the user to buy the item. We also cannot limit the functionality of the item to persuade the user into buying the item. Basically, with these guidelines/rules, one can buy the plugin and distribute it. This will affect our income negatively since it encourages distribution of items. Please correct me if I am wrong. I would appreciate constructive feedback regarding how this will not encourage pirating and will increase our income. Thanks.


Hey All. I’ve updated the main post to clarify that purchase codes must be used, only if you are doing purchase verification. I’ve also done a few formatting tweaks to make things a little clearer.



I’m all for very precise and detailed guidelines - so you have my big thumbs up.

This update is a big + (in which you obviously invested a lot of resources) and is long awaited and asked for.

It would also be very nice if reviewers were also very precise and a bit more detailed in rejection reasons - they often give very vague reasons, and not so rarely simply wrong ones (sorry, but that was my experience).
But only if enforced in a proper and respectful manner. Please remember that we, authors, invest really a lot of time, effort and other resources in creating themes, and hate rejections that are vague, imprecise and really look more like “get off my back, already”. I’m sorry if this sounds too direct (or even rude) - it’s maybe “lost in translation” because of cultural/lingual difference, but I believe in honesty before the politeness.

Give respect, and respect is what you’ll get.

I have a question about a core feature requirement on https://help.author.envato.com/hc/en-us/articles/360000480723.

This point --> Custom solutions are not allowed for the following features, instead, the core feature must be used/supported: Logo / Site Icon / Navigation Menu / Custom Header / Custom Background / Feed Links / Post Thumbnail

My theme works with the ACF Pro plugin and custom fields. I do not use the WordPress customizer to customize the design. All of them (eg add logo or add custom header for each page) must be set up on my own page for the theme settings.

Why is it necessary to use the customizer? The user experience is interrupted in order to set up the design on two different settings pages. My settings page definitely has more optional user settings than the WordPress Customizer can do.

There are so many themes and big player themes, they have their own settings page to add a logo or a custom header outside the WordPress customizer.


Ok, I have found one prohibited function (see here for guideline), for which the reviewers will surely search and reject the theme:
TGMPA has the same name for a method in its class - the is_plugin_active().
I hope reviewers will be directed to keep that in mind …
We don’t use that function to check for plugins in our themes, but we do have TGMPA included …


Another point is a question about nested plugins. My themes work with the ACF Pro plugin and I’ve nested ACF Pro in the themes as per the ACF Pro author requirements on how to use ACF Pro in themes. But when I start the Envato Theme Check plugin, I have many points about this plugin (eg Found remove_filter(); Found add_meta_box, add_theme_page() …). ACF Pro is definitely one of the most popular plugins for WordPress, but I cannot change this to fit the required points. What can I do?

As we want Authors to use TGMPA ( amongst other plugins ) we exclude it from Theme Check. Just don’t rename the original files and it won’t show up in Theme Check results.


Yes, it is the right way. But why does Envato not exclude the ACF Pro plugin from the theme check? ACF Pro is one of the most popular plugins for WordPress.

Not at this time. We may look at tools around this in future, but at this point we can’t promise if or when that would happen.


Finally!!! So many soft rejections because of this unwritten rule, so far.

Why did it take so long to understand that it is ok to have plugins on our server, instead of adding them in the theme and making the theme 40MB+?!


P.S: Sometimes even reviewers don’t care about these rules! (As we understand: Nobody from Envato staff cares about us)


I really hope the reviewers will apply these new rules correctly or the situation will only be worse than now. And now is not good.


We just ran the new Envato Theme Check plugin and noticed the following required error: “Custom meta box functions are allowed for design only. Ensure this is a valid use case.”.

In our theme we have the following options:

  • sidebars
  • header image
  • header type
  • header colors
  • etc.

We add these options using metaboxes so our users can have a different layout and style for each page and post. We also provide a way for the users to set these options globally inside the theme options / customizer.

Where should these options be moved to or are the above options all valid use cases?

Thank you for your answer.


The Customizer is a core feature of WordPress now and has been for some time. People expect it to be there and to work in a similar fashion as it did on their last website. The Customizer cannot be disabled or hidden, both for these reasons and because some plugins use it for their settings.

You don’t have to put your settings in the Customizer (we didn’t make that a requirement), but users must be able to access the Customizer and all core settings and they must work. So if users set a site icon via WordPress core, it needs to work.

As the requirements say:

Libraries and scripts included in a theme are considered to be part of the theme and must meet these requirements. For example, if Redux is included in the theme itself, it needs to comply with the above requirements, just as the rest of the theme does. The one exception is the TGM Plugin Activation library, where it has been generated using the ThemeForest option.

Note: Included third-party plugins do not need to meet these requirements, but theme-specific plugins must meet the WordPress Plugin Requirements.

So if you embed ACF in the theme, you need to make it meet these requirements, if you prompt the user to install it as a plugin you don’t - that may be the best option for you. We may consider other libraries to grant an exception to, as we’ve done with TGM, but at this point there is no guarantee that we will, or if we do, when and for which plugins.


Thanks for your comment. We’ll be working to make sure our responses reflect these requirements and we’ll improve them where we can, but it may take a little time before we get it sorted (or realistically, it’s more likely that it’s something we have to continually work on).
