WordPress.org

Ready to get started?Download WordPress

Forums

Plugin security (3 posts)

  1. explor1ng
    Member
    Posted 6 years ago #

    I saw that a plugin file can be accessed directly by anyone without going to admin page first, although it will be (mostly) showing error since some WP functions haven't been declared, but still it makes me worried. Is there a defined constant which can be checked at the top of plugin code to determine if it's being run in WP or not? something that we usually use in a php include file.

    if !defined('SOMETHING')
       die();
  2. whooami
    Member
    Posted 6 years ago #

    no there isnt.

    <?php
    if (basename($_SERVER['PHP_SELF']) == basename ( __FILE__ ) ) {
    die();
    }
    ?>

    will work though.

  3. explor1ng
    Member
    Posted 6 years ago #

    ah okay, I'll try it, thanks.
    You seem quite expert in WP, if it's possible, could you answer my other questions, please and please? :) :)

Topic Closed

This topic has been closed to new replies.

About this Topic