How to prevent direct access to theme files

  • Resolved shine.nazeer87

    (@shinenazeer87)


    10 years, 3 months ago

    hi all, is there any way that i can prevent direct access to the theme files
    ex: https://example.com/wp-content/themes/themename/header.php

    if i am accessing these files, its showing error so i need to stop showing this error as its showing the directory structure
    ex: Fatal error: Call to undefined function language_attributes() in /home/[username]/public_html/example.com/wp-content/themes/themename/header.php on line 2

    please help

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi shine.nazeer87

    You can prevent directory browsing access using the .htaccess file to stop people browsing your theme and plugin directories. BUT, this won’t stop them from directly accessing files, like you’ve described.

    WordPress suggests the following security measure for theme authors (from https://codex.www.ads-software.com/Theme_Development#Template_Files):

    Security Note: Consider blocking direct access to your theme PHP files by adding the following line at the top of them, or be sure to refrain from executing sensitive standalone PHP code before calling any WordPress functions.

    defined('ABSPATH') or die("No script kiddies please!");

    If you put that at the top of your php files, people won’t be able to directly access them. That said, it’s always poor form to go editing a theme’s files directly, as you’ll lose all the changes you make if you update the theme.

    Thread Starter shine.nazeer87

    (@shinenazeer87)

    @andrewcrook thanks for the info. I’ll add this line.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How to prevent direct access to theme files’ is closed to new replies.