WordPress Plugin Security: Preventing Direct Access
In plugin development, we will create PHP files which can be accessed and/or executed. These files need to be protected from unauthorized access. This is done by doing a check if the file is accessed directly.
There are two approaches which we can implement.
- if ( ! defined('ABSPATH) ) exit;
- if ( ! defined('WPINC') ) exit;
You can improve your plugin security by putting one of these two codes on top of your PHP files. This will in effect block unauthorized access on the files.