Shopify already generates a default robots.txt file. Create a robots.txt.liquid template only when you need custom rules, keep Shopify’s default groups and sitemap output, then append crawler-specific AI blocks instead of replacing the entire file with a generic static template.
Shopify generates a robots.txt file automatically, and its default configuration works for most stores. When you need AI-specific controls, create a robots.txt.liquid template and output Shopify’s existing groups before appending your custom crawler rules. This avoids discarding platform rules that protect crawl efficiency for carts, searches, account flows, filters, and other store URLs.
{% for group in robots.default_groups %}
{{- group.user_agent }}
{% for rule in group.rules %}
{{- rule }}
{% endfor %}
{% if group.sitemap != blank %}
{{- group.sitemap }}
{% endif %}
{% endfor %}
User-agent: GPTBot
Disallow: /
User-agent: ClaudeBot
Disallow: /
User-agent: CCBot
Disallow: /
User-agent: Google-Extended
Disallow: /
The exact whitespace can be refined with Liquid whitespace control, but the important design is to keep the default groups and add only the extra policy you need.
Create robots.txt.liquid in the active theme
In Shopify’s theme code editor, open the Templates folder, create a new file named robots.txt.liquid, and add the reviewed template. Shopify supports a limited set of Liquid objects in this file, including robots, groups, rules, user agents, sitemap, and request data.
A theme change can alter which template is active, so document the customization and verify it after publishing or switching themes. Work in a duplicate theme first when the store is live and revenue-sensitive.
Choose crawler rules according to store goals
The example blocks several training or AI-use controls while preserving Shopify’s normal search behavior. Do not add User-agent: * with Disallow: / unless the entire storefront should disappear from compliant crawling. If AI search visibility is valuable, keep search-oriented agents separate from training-oriented agents rather than copying a blanket “block all AI” list.
Robots.txt does not protect customer accounts, order information, unpublished products, wholesale pricing, or paid resources. Shopify’s authentication and application permissions must enforce those restrictions.
Avoid common Shopify mistakes
Replacing all default output with a few static AI rules.
Removing the sitemap generated through Shopify’s default groups.
Blocking product, collection, image, CSS, or JavaScript URLs without testing storefront rendering.
Editing an unpublished theme while assuming the live store has changed.
Using robots.txt as a substitute for store privacy or access controls.
Verify the published store
Open https://your-store-domain.com/robots.txt after publishing the theme.
Confirm that Shopify’s default groups, sitemap, and custom AI groups are all present.
Recheck the file after a theme switch or major storefront change.
FAQ
Does Shopify already have a robots.txt file?
Yes. Shopify generates a default robots.txt file for stores. Create robots.txt.liquid only when you need a reviewed customization.
Should I replace Shopify’s default robots.txt with plain text?
Usually not. Shopify recommends using the provided Liquid objects so default rules can continue to reflect platform SEO practices while you add targeted custom rules.
Where do I edit robots.txt on Shopify?
In the active theme’s code editor, create or edit the Templates/robots.txt.liquid file, preferably after testing the change in a duplicate theme.
Can I block AI crawlers without blocking Google Search?
Yes. Add crawler-specific groups such as GPTBot or ClaudeBot and avoid a broad wildcard block that would also apply to Googlebot.
Will robots.txt secure customer or order data?
No. Robots.txt is a public crawler instruction. Customer, order, account, wholesale, and private resources require Shopify’s real authentication and authorization controls.
We use essential storage for security and core features. With your permission, we may also use analytics and advertising technologies. Rejecting optional technologies does not block access to the site.
Non-essential categories are off unless you choose to enable them. You can return to these settings at any time from the footer.
Global Privacy Control is active.Your browser has requested an opt-out from sale, sharing, and targeted advertising. Advertising remains disabled.
Strictly necessary
Supports security, server sessions, form protection, administrator sign-in, and remembering your privacy choice.
Analytics
Allows Google Analytics to measure visits and interactions so the site can be improved. It is not loaded before permission.
Advertising and cross-site measurement
Allows advertising technologies when they are configured. This may involve ad delivery, fraud prevention, measurement, personalization, or cross-context advertising.
Your choice is stored for 180 days using a first-party preference cookie. A material policy change can ask you to choose again.