Prevent direct access to Plugin file

Recently, I wrote my first plugin called First Comment Redirect.  And before that I did a pretty much of research on how to write a secure plugin and there was a code snippet that I found in most of the plugins. The code was this

if ( ! defined( 'ABSPATH' ) ) exit;

So basically what it does is, it adds an extra layer of security by preventing any direct access to your plugin file. ABSPATH is PHP constant defined by WordPress in its core. If you dig the core you will see the code below

define( 'ABSPATH', dirname(dirname(__FILE__)) . '/' );

so if your plugin file is accessed from outside of the WordPress the constant “ABSPATH” will not be defined so it exit the plugin code, preventing any unauthorized access to your code.

You can also see this code in some plugins

if ( ! defined( 'WPINC' ) ) die;

Both code has the same purpose though.

Hope you will implement this simple code in your plugin as well.

Prevent direct access to Plugin file
Tagged on: