an automated process attempted to directly access some PHP files in a plugin.
The result(s) were random PHP errors in the log file.
Clearly the plugin writer assumed that access would always be by “an acceptable path”.
Would this be a bad thing to do to keep me safe from plugin misbehavior?
1. create a .htaccess file in the plugins directory
2. add php_value auto_prepend_file /path…/abs.php
where abs.php is
if (!defined('ABSPATH')) exit;
The intention is to have every PHP file quit before doing anything if not being called in the WordPress environment.
- The topic ‘preventing random access to plugin files’ is closed to new replies.