Allowing Direct File Access to plugin files

Question

Allowing Direct File Access to plugin files

Closed this issue a year ago · 0 comments

Direct file access is when someone directly queries your file. This can be done by simply entering the complete path to the file in the URL bar of the browser but can also be done by doing a POST request directly to the file. For files that only contain a PHP class the risk of something funky happening when directly accessed is pretty small. For files that contain procedural code, functions and function calls, the chance of security risks is a lot bigger.

You can avoid this by putting this code at the top of all PHP files that could potentially execute code if accessed

if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly

fee-recovery-for-givewp/public/partials/fee-recovery-for-givewp-public-display.php:14