WordPress.org

Support

Support » Plugins and Hacks » Plugin security

Plugin security

  • I saw that a plugin file can be accessed directly by anyone without going to admin page first, although it will be (mostly) showing error since some WP functions haven’t been declared, but still it makes me worried. Is there a defined constant which can be checked at the top of plugin code to determine if it’s being run in WP or not? something that we usually use in a php include file.

    if !defined('SOMETHING')
       die();
Viewing 2 replies - 1 through 2 (of 2 total)
  • whooami

    @whooami

    Member

    no there isnt.

    <?php
    if (basename($_SERVER['PHP_SELF']) == basename ( __FILE__ ) ) {
    die();
    }
    ?>

    will work though.

    ah okay, I’ll try it, thanks.
    You seem quite expert in WP, if it’s possible, could you answer my other questions, please and please? 🙂 🙂

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Plugin security’ is closed to new replies.
Skip to toolbar