Add to collection
Md Riyazuddin

Md Riyazuddin

Verified

Prevent direct access to a WordPress php include file.

I wanted to restrict access to the PHP file directly, but also be able to call it via jQuery $.ajax (XMLHttpRequest).

This code will help you to not prevent direct access in php file and make your site safe as far as possible.


if (empty($_SERVER["HTTP_X_REQUESTED_WITH"]) && $_SERVER["HTTP_X_REQUESTED_WITH"] != "XMLHttpRequest") {
    if (realpath($_SERVER["SCRIPT_FILENAME"]) == __FILE__) { 
        echo 'You are not allowed to Direct Access';
        exit;
    }
}
or

if(!defined('ABSPATH'){
die; 
}

References and Credits

Tagged with: NA

Comments 0

  • Sorry!! No comment posted yet. Become the first user to give comment.
Add a comment

Would you like to write for w3 sniff?

Become part of an amazing group of contributors and authors and start writing for us

Join Now
if (empty($_SERVER["HTTP_X_REQUESTED_WITH"]) && $_SERVER["HTTP_X_REQUESTED_WITH"] != "XMLHttpRequest") {
    if (realpath($_SERVER["SCRIPT_FILENAME"]) == __FILE__) { 
        echo 'You are not allowed to Direct Access';
        exit;
    }
}
or

if(!defined('ABSPATH'){
die; 
}

Feedback submitted successfully.