I saw that a plugin file can be accessed directly by anyone without going to the admin page first. Although it will (mostly) show an error since some WP functions haven’t been declared, it still makes me worried. Is there a defined constant which can be checked at the top of plugin code to determine if it’s being run in WP or not? Something that we usually use in a PHP include file:
if ( ! defined( 'SOMETHING' ) ) die();
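The guard the post asks about, as an added example that is not part of the original thread: WordPress core defines `ABSPATH` (and `WPINC`) before it loads plugins, so a plugin file can exit when neither is defined. The Python audit below flags PHP files whose first statement is not such a guard; the names `find_guard` and `audit` and the sample files are constructed for illustration.

```python
import re

# Constants WordPress core defines before it loads any plugin file.
GUARD_CONSTANTS = ("ABSPATH", "WPINC")

_COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# Statements allowed ahead of the guard because they execute nothing.
_PREAMBLE = re.compile(r"(?:declare\s*\([^)]*\)|namespace\s+[\w\\]+)\s*;\s*", re.I)
_GUARD = re.compile(
    r"""(?: if\s*\(\s*!\s*defined\s*\(\s*['"](\w+)['"]\s*\)\s*\)\s*\{?\s*
          | defined\s*\(\s*['"](\w+)['"]\s*\)\s*(?:\|\||or)\s* )
        (?:exit|die)\b""",
    re.X | re.I,
)


def find_guard(source):
    """Return the constant checked by a file's leading guard, or None."""
    opening = re.search(r"<\?php\s", source)
    if not opening:
        return None
    code = _COMMENT.sub("", source[opening.end():]).lstrip()
    while (m := _PREAMBLE.match(code)):
        code = code[m.end():]
    guard = _GUARD.match(code)
    if not guard:
        return None
    constant = guard.group(1) or guard.group(2)
    return constant if constant in GUARD_CONSTANTS else None


def audit(files):
    """Return sorted names of files lacking a leading WordPress guard."""
    return sorted(name for name, src in files.items() if find_guard(src) is None)


# Constructed sample plugin files (not taken from a real plugin).
SAMPLES = {
    "guarded.php": "<?php\n/* Plugin Name: Sample */\nif ( ! defined( 'ABSPATH' ) ) {\n\texit; // no direct access\n}\nadd_action( 'init', 'sample_init' );\n",
    "short-form.php": "<?php\ndeclare(strict_types=1);\ndefined( 'ABSPATH' ) || exit;\n",
    "late-guard.php": "<?php\nrequire __DIR__ . '/lib.php';\nif ( ! defined( 'ABSPATH' ) ) exit;\n",
    "wrong-constant.php": "<?php\nif ( ! defined( 'SOMETHING' ) ) die();\n",
}

if __name__ == "__main__":
    for name in audit(SAMPLES):
        print("no leading ABSPATH/WPINC guard:", name)
```

The comment stripping is regex-based and only meant for the top of a file; a guard that appears after other executable statements is reported as missing because code has already run by then.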