Support » Plugins » Plugin security

  • I saw that a plugin file can be accessed directly by anyone without going to admin page first, although it will be (mostly) showing error since some WP functions haven’t been declared, but still it makes me worried. Is there a defined constant which can be checked at the top of plugin code to determine if it’s being run in WP or not? something that we usually use in a php include file.

    if !defined('SOMETHING')
Viewing 2 replies - 1 through 2 (of 2 total)
  • whooami



    no there isnt.

    if (basename($_SERVER['PHP_SELF']) == basename ( __FILE__ ) ) {

    will work though.

    ah okay, I’ll try it, thanks.
    You seem quite expert in WP, if it’s possible, could you answer my other questions, please and please? 🙂 🙂

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Plugin security’ is closed to new replies.