Recently, I wrote my first plugin called First Comment Redirect. And before that I did a pretty much of research on how to write a secure plugin and there was a code snippet that I found in most of the plugins. The code was this
if ( ! defined( 'ABSPATH' ) ) exit;
So basically what it does is, it adds an extra layer of security by preventing any direct access to your plugin file. ABSPATH is PHP constant defined by WordPress in its core. If you dig the core you will see the code below
define( 'ABSPATH', dirname(dirname(__FILE__)) . '/' );
so if your plugin file is accessed from outside of the WordPress the constant “ABSPATH” will not be defined so it exit the plugin code, preventing any unauthorized access to your code.
You can also see this code in some plugins
if ( ! defined( 'WPINC' ) ) die;
Both code has the same purpose though.
Hope you will implement this simple code in your plugin as well.