
What is meant by [if ( ! defined( 'ABSPATH' ) )]

Tags: php, wordpress

I am currently building a WordPress Theme from scratch, as a means to 'learn on the job'. I have moderate experience with backend work, though I have been heavily reliant on PageBuilders in the past. I now wish to create a Theme without any Pagebuilders as a means to increase its Load Speed etc.

For now, I am currently looking at security for website files and came across the following term:

    <?php
        if ( ! defined( 'ABSPATH' ) ) {
            exit; // Exit if accessed directly
        }
    ?>

I am of the understanding that this would prevent direct access to the web files. I am not entirely sure what is meant by this. For example, I could still access the file(s) via FTP, through the Server and via the WordPress Dashboard. Is there some other direct access that this prevents? Maybe preventing access via WordPress Plugins etc?

With this in mind, would I be right to assume that the above code should be placed on every file within the theme as standard? Would there be any exceptions?

Any further explanation on this, would be greatly appreciated.

Craig asked Apr 04 '17 16:04


2 Answers

It prevents public users from directly accessing your .php files through a URL, because if your file contains some I/O operations, it can eventually be triggered (by an attacker) and this might cause unexpected behavior.

So, using the snippet can prevent direct access to your files and ensures that your theme files will be executed within the WordPress environment only.

Usage:

  1. It can be placed at the top of any of your PHP files (theme & plugin)
  2. It can be placed at the top of your wp-config.php

Hope it helps

devsam247 answered Sep 22 '22 04:09


ABSPATH is a PHP constant defined by WordPress at the bottom of wp-config.php:

    /* That's all, stop editing! Happy blogging. */

    /** Absolute path to the WordPress directory. */
    if ( !defined('ABSPATH') )
        define('ABSPATH', dirname(__FILE__) . '/');

As you can see in the comment block above, WordPress does not recommend modifying these lines of code - probably because many plugins and themes rely on ABSPATH to verify if their PHP files are being executed within the WordPress environment.

If you use this snippet at the top of your wp-config.php file, you will terminate the execution of the wp-config.php, because ABSPATH has not been defined yet at that point. And other files that depend on wp-config.php will fail (i.e. you will break your website).

if ( ! defined( 'MY_CONSTANT' ) ) { exit; } is a snippet widely used by PHP files of plugins and themes only by convention. In theory, it means you can add your own constant at the bottom of your wp-config.php, and you will get the same practical result.

Your wp-config.php:

    if ( !defined('MY_CONSTANT') )
        define('MY_CONSTANT', 'fool');

Your theme or plugin file:

    <?php
    if ( ! defined( 'MY_CONSTANT' ) ) {
        exit; // Exit if accessed directly
    }

More Info

Defining a constant in PHP: http://php.net/manual/en/language.constants.syntax.php

PHP magic constants: http://php.net/manual/en/language.constants.predefined.php

Thiago Santos answered Sep 22 '22 04:09
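To check whether every PHP file in a theme actually starts with the guard discussed above, here is an added audit script (not code from the question or either answer). It is meant to be pointed at a theme or plugin directory rather than the WordPress root, since wp-config.php is where ABSPATH gets defined; the helper names and the sample theme files are constructed for illustration, and the constant name is a parameter so it also covers the custom-constant variant from the second answer.

```python
import re
import tempfile
from pathlib import Path

# Skips the opening tag and any leading comments (docblocks, //, #).
LEADING = re.compile(r"\s*(?:<\?php\b|/\*.*?\*/|//[^\n]*|#[^\n]*)", re.S)

def guard_pattern(constant="ABSPATH"):
    """Regex for `if ( ! defined( 'X' ) ) { exit; }` and `defined( 'X' ) || exit;`."""
    d = r"defined\s*\(\s*['\"]" + re.escape(constant) + r"['\"]\s*\)"
    return re.compile(
        r"\s*(?:if\s*\(\s*!\s*" + d + r"\s*\)\s*\{?\s*(?:exit|die|return)\b"
        r"|" + d + r"\s*(?:\|\||or)\s*(?:exit|die)\b)")

def has_guard(source, pattern):
    """True only if the guard is the first statement, before any other code runs."""
    pos = 0
    while (m := LEADING.match(source, pos)):
        pos = m.end()
    return pattern.match(source, pos) is not None

def unguarded_php_files(root, constant="ABSPATH"):
    """Relative paths of .php files under root whose first statement is not the guard."""
    root, pattern = Path(root), guard_pattern(constant)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*.php")
        if not has_guard(p.read_text(encoding="utf-8", errors="replace"), pattern))

# Constructed sample theme (not from the page): two guarded files, two that are not.
SAMPLE = {
    "functions.php": "<?php\n/** Theme setup. */\nif ( ! defined( 'ABSPATH' ) ) {\n    exit;\n}\n",
    "inc/helpers.php": "<?php\ndefined( 'ABSPATH' ) || exit;\n",
    "inc/export.php": "<?php\nfile_put_contents( __DIR__ . '/out.csv', 'id,name' );\n",
    "inc/late.php": "<?php\n$n = 1;\nif ( ! defined( 'ABSPATH' ) ) { exit; }\n",
}

def demo():
    """Write the sample theme to a temp dir and return the files lacking the guard."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return unguarded_php_files(tmp)

if __name__ == "__main__":
    print(demo())
```

A file is reported when the guard is missing or when other code runs before it, because anything executed ahead of the check still runs on a direct request.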