WordPress Plugin Security: Preventing Direct Access

In plugin development, we create PHP files that can be accessed and/or executed. These files need to be protected from unauthorized access. This is done by checking whether the file is being accessed directly.

There are two approaches we can implement.

  1. if ( ! defined( 'ABSPATH' ) ) exit;
  2. if ( ! defined( 'WPINC' ) ) exit;

You can improve your plugin security by putting one of these two checks at the top of your PHP files. This in effect blocks unauthorized access to the files.
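To check that every file in a plugin actually carries one of these checks, and that it comes before any other code, the following audit script is an added example, not part of the original post. The function names and the sample plugin files are constructed for illustration; the comment stripping is a heuristic, and the script also accepts the common `defined( 'ABSPATH' ) || exit;` spelling.

```python
import re
import tempfile
from pathlib import Path

COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)
# Statements PHP allows (or requires) ahead of other code; harmless before the guard.
PREAMBLE = re.compile(r"\s*(?:declare\s*\([^)]*\)|namespace\s+[\w\\]+|use\s+[^;]+)\s*;")
# The two checks from the article, plus the `defined( ... ) || exit;` spelling.
GUARD = re.compile(
    r"""\s*(?:if\s*\(\s*!\s*defined\s*\(\s*['"](?:ABSPATH|WPINC)['"]\s*\)\s*\)\s*\{?\s*"""
    r"""|defined\s*\(\s*['"](?:ABSPATH|WPINC)['"]\s*\)\s*(?:\|\||or)\s*)(?:exit|die)\b"""
)

def has_guard(source: str) -> bool:
    """True if the first executable statement is a direct-access guard."""
    src = source.lstrip()
    if not src.startswith("<?php"):
        return False  # leading HTML/text is output before any check can run
    code = COMMENTS.sub("", src[len("<?php"):])
    pos = 0
    while (m := PREAMBLE.match(code, pos)):
        pos = m.end()
    return GUARD.match(code, pos) is not None

def unguarded_files(plugin_dir: Path) -> list[str]:
    """Relative paths of PHP files under plugin_dir that lack a guard, sorted."""
    return sorted(
        p.relative_to(plugin_dir).as_posix()
        for p in plugin_dir.rglob("*.php")
        if not has_guard(p.read_text(encoding="utf-8", errors="replace"))
    )

# Constructed sample plugin (hypothetical file names and contents).
SAMPLES = {
    "my-plugin.php": "<?php\n/**\n * Plugin Name: My Plugin\n */\nif ( ! defined( 'ABSPATH' ) ) exit;\n",
    "includes/admin.php": "<?php\nnamespace MyPlugin;\n\ndefined( 'WPINC' ) || exit;\n",
    "includes/ajax.php": "<?php\n$id = $_GET['id'];\nif ( ! defined( 'ABSPATH' ) ) exit;\n",  # guard too late
    "includes/helpers.php": "<?php\nfunction my_helper() { return 1; }\n",  # no guard at all
}

def demo() -> list[str]:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, body in SAMPLES.items():
            path = root / name
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return unguarded_files(root)
```

Calling `unguarded_files(Path("path/to/your-plugin"))` on a real plugin directory lists the files that still need the check.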

References:

WordPress StackExchange Answer
