What is meant by [if ( ! defined( 'ABSPATH' ) )]

I am currently creating a WordPress theme from scratch as a "learn at work" tool. I have average experience working with backend work, although in the past I was very dependent on PageBuilders. Now I want to create a theme without any Pagebuilders to increase its download speed, etc.

I am currently looking at security for site files and came across the following term:

<?php 
    if ( ! defined( 'ABSPATH' ) ) {
        exit; // Exit if accessed directly
    }
?>

I understand that this will prevent direct access to web files. I'm not quite sure what is meant by this. For example, I could still access files through FTP, through the server, and through the WordPress toolbar. Is there some other kind of direct access that this prevents? Perhaps banning access through WordPress plugins, etc.

With this in mind, can I correctly assume that the above code should be placed in each file in the theme as a standard? Will there be exceptions?

Any further explanation for this would be very helpful.

+6
1 answer

This prevents public users from accessing your .php files via the URL. If your file contains some I/O, it can be invoked (by an attacker), and this can lead to unexpected behavior.

So, using this snippet prevents direct access to your files and ensures that your theme files will only run in the WordPress environment.

Application:

  • It can be placed at the top of any of your PHP files (theme and plugin)
  • wp-config.php


+5
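
What "accessed directly" means in practice, as an added example (not code from the question or the answer): each child PHP process stands in for one HTTP request. The file names inc-export.php and bootstrap.php and the logging side effect are made up for the demonstration, and bootstrap.php stands in for WordPress defining ABSPATH before it loads theme files.

```php
<?php
// Added demonstration (constructed, not WordPress or theme code): run the same
// include file once "directly" and once after a bootstrap has defined ABSPATH.
$dir = sys_get_temp_dir() . '/abspath-demo-' . getmypid();
mkdir( $dir );

// Hypothetical theme include with a top-level side effect (file I/O).
file_put_contents( $dir . '/inc-export.php', <<<'PHP'
<?php
if ( ! defined( 'ABSPATH' ) ) {
    exit; // Exit if accessed directly
}
file_put_contents( __DIR__ . '/export.log', "export ran\n", FILE_APPEND );
echo "export ran\n";
PHP
);

// Stand-in for the WordPress bootstrap: ABSPATH exists before theme files load.
file_put_contents( $dir . '/bootstrap.php', <<<'PHP'
<?php
define( 'ABSPATH', __DIR__ . '/' );
require __DIR__ . '/inc-export.php';
PHP
);

function run_php( string $file ): string {
    // A separate PHP process stands in for one HTTP request to that file.
    return (string) shell_exec( escapeshellarg( PHP_BINARY ) . ' ' . escapeshellarg( $file ) );
}

// Like requesting the include file's own URL: the guard exits before any I/O.
$direct        = run_php( $dir . '/inc-export.php' );
$direct_effect = file_exists( $dir . '/export.log' );

// Like a normal page load: the bootstrap defines ABSPATH, then loads the file.
$via_wp        = run_php( $dir . '/bootstrap.php' );
$via_wp_effect = file_exists( $dir . '/export.log' );

printf( "direct request:    output=%s, side effect=%s\n", var_export( $direct, true ), $direct_effect ? 'yes' : 'no' );
printf( "through bootstrap: output=%s, side effect=%s\n", var_export( $via_wp, true ), $via_wp_effect ? 'yes' : 'no' );

// Clean up the temporary files.
array_map( 'unlink', glob( $dir . '/*' ) );
rmdir( $dir );
```

Access over FTP or the file system only reads or writes the file's bytes and never executes it, so the guard plays no part there.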

Source: https://habr.com/ru/post/1016299/
