Prevent direct access to a WordPress php include file.

Md Riyazuddin Verified

I wanted to restrict access to the PHP file directly, but also be able to call it via jQuery $.ajax (XMLHttpRequest).

if (empty($_SERVER["HTTP_X_REQUESTED_WITH"]) && $_SERVER["HTTP_X_REQUESTED_WITH"] != "XMLHttpRequest") {
    if (realpath($_SERVER["SCRIPT_FILENAME"]) == __FILE__) { 
        echo 'You are not allowed to Direct Access';
        exit;
    }
}
or

if(!defined('ABSPATH'){
die; 
}

This code will help you to not prevent direct access in php file and make your site safe as far as possible.


References and Credits

Tags

NA

Comments

Leave a Comment