🏡 Home

WordPress Plugin Security: Preventing Direct Access

In plugin development, we will create PHP files which can be accessed and/or executed. These files need to be protected from unauthorized access. This is done by doing a check if the file is accessed directly.

There are two approaches which we can implement.

  1. if ( ! defined('ABSPATH) ) exit;
  2. if ( ! defined('WPINC') ) exit;

You can improve your plugin security by putting one of these two codes on top of your PHP files. This will in effect block unauthorized access on the files.

References:

WordPress StackExchange Answer