Menu
I am currently building a WordPress Theme from scratch, as a means to 'learn on the job'. I have moderate experience with backend work, though I have been heavily reliant of PageBuilders in the past. I now wish to create a Theme without any Pagebuilders as a means to increase its Load Speed etc.
For now, I am currently looking at security for website files and came across the following term:
<?php if ( ! defined( 'ABSPATH' ) ) { exit; // Exit if accessed directly } ?> I am of the understanding that this would prevent direct access to the web files. I am not entirely sure what is meant by this. For example, I could still access the file(s) via FTP, through the Server and via the WordPress Dashboard. Is there some other direct access that this prevents? Maybe preventing access via WordPress Plugins etc?
With this in mind, would I be right to assume that the above code should be placed on every file within the theme as standard? Would there be any exceptions?
Any further explanation on this, would be greatly appreciated.
542
ABSPATH is a PHP constant defined by WordPress at the bottom of wp-config. php : /* That's all, stop editing! Happy blogging. */ /** Absolute path to the WordPress directory.
ABSPATH can be used when pointing to Core files, but it will not function correctly if used to locate files/folders within wp-content . For example, the following on Pressable: $target_path = ABSPATH . 'wp-content/plugins/order-tracking/order-sheets/';
WPINC (WordPress Constant)
It prevent public user to directly access your .php files through URL. Because if your file contains some I/O operations it can eventually be triggered (by an attacker) and this might cause unexpected behavior.
So, Using the snippets can prevent access from your files (directly) and ensures that your Theme files will be executed within the WordPress environment only.
Usage:
Hope it helps
134
ABSPATH is a PHP constant defined by WordPress at the bottom of wp-config.php:
/* That's all, stop editing! Happy blogging. */ /** Absolute path to the WordPress directory. */ if ( !defined('ABSPATH') ) define('ABSPATH', dirname(__FILE__) . '/'); As you can see on the comment block above, WordPress does not recommend to modify these lines of code - probably because many plugins and themes rely on ABSPATH to verify if their PHP files are being executed within the WordPress environment.
If you use this snippet at the top of your wp-config.php file, you will terminate the execution of the wp-config.php, because ABSPATH has not been defined yet at that point. And other files that depend on wp-config.php will fail (i.e. you will break your website).
if ( ! defined( 'MY_CONSTANT' ) ) { exit; } is a snippet widely used by PHP files of plugins and themes only by convention. In theory, it means you can add your own constant at the bottom of your wp-config.php, and you will get the same practical result.
Your wp-config.php:
if ( !defined('MY_CONSTANT') ) define('MY_CONSTANT', 'fool'); Your theme or plugin file:
<?php if ( ! defined( 'MY_CONSTANT' ) ) { exit; // Exit if accessed directly } More Info
Defining a constant in PHP: http://php.net/manual/en/language.constants.syntax.php
PHP magic constants: http://php.net/manual/en/language.constants.predefined.php
42
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
