In the WordPress system, theme is a component that controls the appearance of a website. It’s a required component. That is why a brand new WordPress installation comes with a default theme. You can have more than one theme on your WordPress site but only one theme can be activated. While you can install multiple themes on your WordPress, it’s recommended to install only one theme for a security reason. In the theme builder era like today, you can control the appearance of your site yourself after all.
If you have a large WordPress-powered website with some users with an administrator level, it would be a great idea to make a configuration to prevent an administrator-level user to install a new WordPress theme. To do so, you can edit the wp-config.php file.
To get started, log in to your hosting panel and open the file manager and seek the wp-config.php, which lies on the top directory of the WordPress installation (public_html in most cases). Once the file is found, edit it. You can edit the file using the built-in editor of your hosting panel or download it first and edit it using your favorite editor (i.e. Notepad) and then re-upload the edited file. Add the following line to the wp-config.php file.
define('DISALLOW_FILE_MODS', true);
You can place the line above beneath the last line on the wp-config.php content.
Don’t forget to update the file after editing it. From now on, you should see no Add New button every time you go to the theme manager page on your WordPress dashboard (Appearance -> Themes).
One thing to note that the configuration above also disables the new plugin installation. If you need to install a new plugin, you need to change the configuration. You can simply change the value from true to false.
Lastly, just in case everything is not going as expected, you can backup the wp-config.php file before you edit it.