My Plugin Safety doubt

  • Hi,
    I’m developing a new plugin; in the fronthand, i want to check if the plugin is active by using this code:

    <?php
include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
if(is_plugin_active( 'plugin-directory/plugin.php' ) ){
  do-something();
}?>

    Does the first line (include_once …. ) allow the user to bypass the following security line that WordPress suggest to set at the beginning of every php plugin file?

    <?php if ( ! defined( ‘ABSPATH’ ) ) exit;?>

    if yes, how can I check in a secure way “in the fronthand” if a plugin is active?

    • This topic was modified 5 years, 11 months ago by Jan Dembowski. Reason: Formatting
Viewing 4 replies - 1 through 4 (of 4 total)

  • I think this is the documentation you’re looking for:

    https://developer.www.ads-software.com/reference/functions/is_plugin_active/

    It’s describing the exact thing you are doing also with some code examples.

    Thread Starter antonop4u

    (@antonop4u)

    Thank you very much for your answer, but that’s where I’ve got the idea in the first place; on the first of the user contribution notes; I just wonder if it’s safe. In few words I don’t know if it’s not going to “defined( ‘ABSPATH’ )” for all the plugin files:

    <?php if ( ! defined( ‘ABSPATH’ ) ) exit;?>

    Moderator bcworkz

    (@bcworkz)

    Including a PHP file causes the entire file to be parsed, so yes it’s an effective deterrent. You can prove it to yourself by checking for an undefined constant like if ( ! defined( 'FOOBAR' ) ) exit; instead. Subsequent page requests will fail to load due the the exit statement being executed.

    Thread Starter antonop4u

    (@antonop4u)

    Thank you.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘My Plugin Safety doubt’ is closed to new replies.