• I saw that a plugin file can be accessed directly by anyone without going to the admin page first. Although it will (mostly) show an error, since some WP functions haven’t been declared, it still makes me worried. Is there a defined constant which can be checked at the top of the plugin code to determine if it’s being run in WP or not? Something like what we usually use in a PHP include file:

    // Stop if the expected constant has not been defined by the including application.
    if (!defined('SOMETHING')) {
        die();
    }
Viewing 2 replies - 1 through 2 (of 2 total)
  • No, there isn't.

    <?php
    // Stop if this file itself is the script that was requested.
    if (basename($_SERVER['PHP_SELF']) == basename(__FILE__)) {
        die();
    }
    ?>

    will work though.

    Thread Starter explor1ng

    (@explor1ng)

    ah okay, I’ll try it, thanks.
    You seem quite expert in WP, if it’s possible, could you answer my other questions, please and please?

  • The topic ‘Plugin security’ is closed to new replies.
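
An added example, not code from either poster: it runs the reply's basename comparison and an `ABSPATH` check over three constructed requests, including one where the plugin file shares its name with the entry script. `ABSPATH` is the constant WordPress core defines during bootstrap; the function names, paths and sample `$_SERVER` values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Function names and sample values are constructed.

// The check from the reply: does the requested script's name equal this file's name?
function blocked_by_basename_check(array $server, string $file): bool {
    return basename($server['PHP_SELF']) === basename($file);
}

// A constant-based check of the kind the question asks about. WordPress core
// defines ABSPATH during bootstrap, before any plugin file is included.
function blocked_by_constant_check(bool $abspath_defined): bool {
    return !$abspath_defined;
}

// Constructed scenarios: [label, $_SERVER subset, plugin file, ABSPATH defined?, should block?]
$cases = [
    ['direct request to the plugin file',
        ['PHP_SELF' => '/wp-content/plugins/demo/demo.php'],
        '/var/www/wp-content/plugins/demo/demo.php', false, true],
    ['loaded by WordPress on an admin page',
        ['PHP_SELF' => '/wp-admin/plugins.php'],
        '/var/www/wp-content/plugins/demo/demo.php', true, false],
    // Failure mode: the plugin file shares its name with the entry script, so
    // the basename check stops a legitimate load by WordPress.
    ['plugin file named index.php, loaded via /index.php',
        ['PHP_SELF' => '/index.php'],
        '/var/www/wp-content/plugins/demo/index.php', true, false],
];

// Evaluate both checks for every scenario and return one row per scenario.
function run_cases(array $cases): array {
    $rows = [];
    foreach ($cases as [$label, $server, $file, $abspath, $expected]) {
        $rows[] = [
            'case'     => $label,
            'expected' => $expected,
            'basename' => blocked_by_basename_check($server, $file),
            'constant' => blocked_by_constant_check($abspath),
        ];
    }
    return $rows;
}

foreach (run_cases($cases) as $row) {
    printf("%-52s expected=%d basename=%d constant=%d\n",
        $row['case'], $row['expected'], $row['basename'], $row['constant']);
}

// In a real plugin file the constant check is one line at the top:
// if ( ! defined( 'ABSPATH' ) ) { exit; }
```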