WordPress Plugin Security: Preventing Direct Access

In plugin development, we will create PHP files which can be accessed and/or executed. These files need to be protected from unauthorized access. This is done by doing a check if the file is accessed directly.

There are two approaches which we can implement.

  1. if ( ! defined('ABSPATH) ) exit;
  2. if ( ! defined('WPINC') ) exit;

You can improve your plugin security by putting one of these two codes on top of your PHP files. This will in effect block unauthorized access on the files.


WordPress StackExchange Answer