• Hi, once in a while my site generates PHP errors like this:

    Fatal error: Uncaught Error: Call to undefined function get_header() in /home/c501c527/public_html/joewestcott/wp-content/themes/twentynineteen/index.php:17 Stack trace: #0 {main} thrown in /home/c501c527/public_html/joewestcott/wp-content/themes/twentynineteen/index.php on line 17

    I searched online to understand why this is happening, and it seems that it might be a flaw in the Twenty Nineteen index.php file, where it starts with code like this:

    <?php
      get_header();
    ?>

    This code generates a PHP error when anyone (and/or a bot) visits the /twentynineteen/ folder.

    One possible fix I found online is to change the theme code to something like this:

    <?php 
      if (!defined('ABSPATH')) exit;
      get_header(); 
    ?>

    … but we shouldn’t edit stock WordPress theme code.

    Is there another recommended solution?

    Or is this a known bug that the Twenty Nineteen theme developers are working on?

    Thank you,
    Joe

    • This topic was modified 5 years, 5 months ago by Joe Westcott.

    The page I need help with: [log in to see the link]

Viewing 14 replies - 1 through 14 (of 14 total)
  • Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    This is pretty much a known thing in any theme. 🙂

    No real person will ever visit your theme’s directory purposefully.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Yes, the error message is descriptive of the issue. When you run a theme file directly using the full path to the file, you are not using WordPress and the functionality of WordPress doesn’t exist. The function is undefined because you’re not using WordPress. Like James said, I can say with 99.9% confidence that users will never have that error.

    • This reply was modified 5 years, 5 months ago by Andrew Nevins.
    Thread Starter Joe Westcott

    (@redredweb)

    Damned bots. I’m getting these errors several times a day.

    Why does Automattic(?) recommend the following code for plugins, but not for themes?

    Per https://codex.wordpress.org/Writing_a_Plugin

    Security Note: Consider blocking direct access to your plugin PHP files by adding the following line at the top of each of them. Also, be sure to refrain from executing sensitive standalone PHP code before calling any WordPress functions.

    This can be achieved in a few ways. You can either check to see if the ABSPATH constant is defined, or check if a function such as add_action exists. Either method can be used to ensure PHP execution is only allowed when it is included as part of the core system.

    defined( 'ABSPATH' ) or die( 'No script kiddies please!' );

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    Automattic is just one of many companies involved in the WordPress community, but it doesn’t control the WordPress project or community in any way: https://wordpress.org/support/article/wordpress-vs-wordpress-com/

    That question would be better for the Theme Review Team: https://make.wordpress.org/themes/

    Only in Brackets editor, I am also having the same issue.
    When I go to the actual site -> http://192.168.10.10/wordpress/ the site works fine.
    But, when I edit the index.php file in Brackets editor and use live preview as
    -> http://192.168.10.10/wordpress/wp-content/themes/GTCoding/index.php
    the error shows up.

    Any way to suppress it so I can finish coding the index.php page and then I can remove the suppress? Is there a fix?

    Appreciate it.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    @taariqq, Do you understand the error? The error is because you’re accessing a file directly without going through WordPress. You’re doing things wrong.

    Thread Starter Joe Westcott

    (@redredweb)

    “You’re doing things wrong.”

    @anevins, do you know why Taariqq is visiting this URL? Did you rule out that perhaps it’s to recreate the problem where Googlebot visits this URL and generates a PHP error as part of its typical crawling activity.

    If Google is “wrong”, that may be, but this also seems to indicate a problem with how some WordPress themes fail to block crawling in locations where legitimate bots are likely to go.

    @taariqq, there seem to be a flaw in WordPress guidelines for themes, where WordPress guidelines are missing a step that are already part of the plugin guidelines.

    For now, it seems that your only option is to point out this problem to the theme developer, and ask them to block this behavior by adding code like the following to the index.php file, in order to block typical bot and script kiddy behavior. This code comes from WordPress’ official guidelines for plugin development — not sure why it’s missing from the theme guidelines.

    defined( 'ABSPATH' ) or die( 'No script kiddies please!' );

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    @redredweb, As stated, Taariqq is trying to run the file directly using the IDE of “Brackets”.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Google won’t report a WordPress error page as an issue, Google isn’t that smart. Your WordPress error page still returns a 200 (all-okay).

    • This reply was modified 5 years, 5 months ago by Andrew Nevins.
    Thread Starter Joe Westcott

    (@redredweb)

    Yes. The resulting error message is currently handled by the server, not by the theme, which is why this particular error appears.

    I think I made a mistake in suggesting the “script kiddies” language that the official WordPrss guidelines suggests for handling this scenario (for plugins) — the error could be a bit more helpful whether it’s for themes or plugins, to cover cases where real people are visiting the index.php file, not just bots and scripts.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    *Reads*

    there seem to be a flaw in WordPress guidelines for themes, where WordPress guidelines are missing a step that are already part of the plugin guidelines.

    There really isn’t.

    This may be repetitive of me but please be patient as I’m trying to be complete.

    This isn’t a bug or security issue. Nothing in the Known Universe should ever call this URL directly.

    https://joewestcott.com/wp-content/themes/twentynineteen/

    Or any theme directory that way. You get a 500 error because that’s how themes are constructed. You can try adding that line but it’s not necessary and 500 errors in that place don’t matter.

    If it bothers you to display error information that way then consider turning off PHP errors.

    
    display_errors = Off
    

    Which is the default on many PHP installations.

    You’ll still get 500 errors but no information will be displayed such as file paths.

    Thread Starter Joe Westcott

    (@redredweb)

    Google won’t report a WordPress error page as an issue

    Two things about this:

    1. The theme-index error is a PHP error generated outside of WordPress, not an error page generated by WordPress or the theme itself. It would be nice if WordPress themes handled the error.

    2. I’ve seen Googlebot try to index theme index files, and report a problem when it does. This problem appears in Google Search Console fairly regularly for some sites that I’ve managed.

    Thread Starter Joe Westcott

    (@redredweb)

    Actually, in an ideal design, WordPress guidelines would state the the use of index.php files should be restricted to paths that are directly accessible by the public, including search engine crawlers and other bots.

    Or else if a given index.php file is not meant to be publicly-accessible, then the theme developer should manually insert code to the start of their index.php file to indicate as much, and then exit or fail gracefully.

    Preferably, this would not generate a PHP error message, because (1) the PHP code has not failed and (2) the visitor is exhibiting anticipated behavior even if the behavior is not desirable in many contexts.

    Thread Starter Joe Westcott

    (@redredweb)

    For what it’s worth, I checked out https://make.wordpress.org/themes/ and the “Support” link on that page leads back here. :/

    I’ll look into joining the Theme Review discussion to see if there’s a way to flag this issue and discuss potential fixes.

    • This reply was modified 5 years, 5 months ago by Joe Westcott. Reason: Now with less "grumble"
Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘Uncaught Error: Call to undefined function get_header()’ is closed to new replies.