How to prevent direct access to your WordPress Plugin files


While developing a WordPress plugin, it is crucial to prevent direct access to its files: you never know what might happen if someone can request your plugin's PHP files directly. In the worst case, this can lead to remote code execution (RCE).

Remote Code Execution (RCE), as the name suggests, is a security vulnerability that allows an attacker to execute code on your server from a remote location, which can result in complete control of your system.

Direct access to a plugin file can be prevented by adding one of the following lines above the main code:

if (!defined('ABSPATH')) exit; 

or

if ( ! defined( 'WPINC' ) ) die;

You can use either line; both do the same thing. "WPINC" and "ABSPATH" are constants that are defined while WordPress is loading. Normally, when a front-end page is requested, "ABSPATH" is defined by the file /wp-load.php and "WPINC" is defined later, when the file /wp-settings.php is loaded. Since neither of those files has been loaded when a plugin file is accessed directly, it doesn't matter which constant you check for; you just need to add one of those lines before the rest of the code in the file to prevent direct access.
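To see the guard behave differently in the two situations the paragraph describes, the following stand-alone PHP CLI script (an added example, not code from the article) writes a minimal guarded plugin file to a temporary directory and runs it twice: once directly, and once through a hypothetical loader that stands in for wp-load.php by defining ABSPATH first. It assumes only a PHP command-line interpreter; no WordPress install is needed.

```php
<?php
// Added example: demonstrates the ABSPATH guard under direct access versus
// being loaded by WordPress. wp-load.php is simulated by a tiny loader file.

$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'abspath-guard-demo';
if ( ! is_dir( $dir ) ) {
    mkdir( $dir );
}

// A minimal plugin file whose first statement is the guard from the article.
// Its second statement stands in for "the rest of the plugin code".
$plugin_file = $dir . DIRECTORY_SEPARATOR . 'guarded-plugin.php';
file_put_contents( $plugin_file, <<<'PHP'
<?php
if ( ! defined( 'ABSPATH' ) ) exit;
// Anything below this line must only run when WordPress loaded this file.
echo "plugin code executed\n";
PHP
);

// Simulated wp-load.php (hypothetical): defines ABSPATH, then loads the plugin,
// which is the order WordPress itself uses when including active plugins.
$loader_file = $dir . DIRECTORY_SEPARATOR . 'wp-load-sim.php';
file_put_contents( $loader_file, sprintf(
    "<?php define( 'ABSPATH', %s ); require %s;",
    var_export( $dir . DIRECTORY_SEPARATOR, true ),
    var_export( $plugin_file, true )
) );

// Runs a script in a fresh PHP process and returns everything it printed.
function run_php( string $script ): string {
    $cmd = escapeshellarg( PHP_BINARY ) . ' ' . escapeshellarg( $script );
    return (string) shell_exec( $cmd );
}

// Case 1: the plugin file is requested on its own. ABSPATH is undefined,
// so the guard calls exit before any other statement and nothing is printed.
$direct = run_php( $plugin_file );

// Case 2: the same file is loaded through the simulated WordPress bootstrap,
// where ABSPATH already exists, so the guard is skipped and the code runs.
$via_wp = run_php( $loader_file );

printf( "direct access output : %s\n", $direct === '' ? '(none, guard fired)' : $direct );
printf( "loaded by WordPress  : %s", $via_wp );
```

The same reasoning applies to every PHP file in the plugin directory, not only the main file, because helper and template files are reachable by URL in the same way.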
