Is it necessary to use ( ! defined( 'ABSPATH' ) ) in WordPress?

Viewed 371 times

0

At the end of my studies I am creating a WordPress theme, which is now in its completion phase.

During its creation I came across the following code, which we will call "code1":

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Exit if accessed directly.
}

This prevents direct access to my .php files from the URL.

This one, which we will call "code2", is found in wp-config.php:

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
   define('ABSPATH', dirname(__FILE__) . '/');

Below is my question:

So, would it be recommended to add "code1" to the pages of the WordPress theme? Or does it have the same function as "code2" found in wp-config.php?

This doubt came to me after seeing "code1" in a ready-made WordPress theme, which contained "code1" in all of its .php files.

1 answer

2


As the constant ABSPATH is set right at the beginning of the WordPress loading process, it is guaranteed that it will exist when your theme is loaded normally. Now, imagine someone trying to access a URL like this:

https://seusite.com/wp-content/themes/seutema/functions.php

functions.php usually contains calls to functions defined outside it, such as add_action(). When the theme is loaded by WP, these functions will be declared before functions.php is loaded. In direct access, these functions will not be defined and the attempt to call them will generate an error. This error, if displayed, will expose the absolute path of the file on the server. Something like this:

Fatal error: Call to undefined function add_action() in /home/usuario/public_html/wp-content/themes/seutema/functions.php on line 1

That additional information (/home/usuario/public_html), in the hands of someone malicious, can help to exploit some vulnerability in your code or your environment.
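To check which files of a theme still lack "code1", the following is an added example (not part of the question or the answer): a Python audit that flags every .php file whose first statement is not the ABSPATH guard. It is a regex heuristic, and the sample theme files, the function names and the `seutema_setup` callback are constructed for illustration.

```python
import os
import re
import tempfile

# Heuristic: after the opening tag, comments and declare/namespace lines,
# the first statement must be the ABSPATH guard ("code1" or its one-line form).
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
PRELUDE = re.compile(r"^(?:(?:declare|namespace)\b[^;]*;\s*)+", re.I)
GUARD = re.compile(r"""
    ^(?: if\s*\(\s*!\s*defined\s*\(\s*['"]ABSPATH['"]\s*\)\s*\)\s*\{?\s*(?:exit|die)\b
       | defined\s*\(\s*['"]ABSPATH['"]\s*\)\s*(?:\|\||or)\s*(?:exit|die)\b )
    """, re.X | re.I)

def has_abspath_guard(source):
    source = source.lstrip("\ufeff \t\r\n")
    if not source.lower().startswith("<?php"):
        return False  # file starts with output, so no guard runs first
    code = COMMENTS.sub("", source[5:]).lstrip()
    return bool(GUARD.match(PRELUDE.sub("", code)))

def audit_theme(root):
    """Return theme-relative paths of .php files that lack the guard."""
    missing = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if not has_abspath_guard(fh.read()):
                        missing.append(os.path.relpath(path, root))
    return sorted(missing)

def demo():
    """Audit a constructed sample theme (file names and contents are made up)."""
    guard = "if ( ! defined( 'ABSPATH' ) ) {\n    exit; // Exit if accessed directly.\n}\n"
    files = {
        "functions.php": "<?php\nadd_action( 'init', 'seutema_setup' );\n",
        "header.php": "<?php\n/** Header template. */\n" + guard + "?>\n<html>\n",
        os.path.join("inc", "setup.php"): "<?php\ndefined( 'ABSPATH' ) || exit;\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_theme(root)

if __name__ == "__main__":
    print(demo())  # files still missing the guard
```

Run `audit_theme()` against the real theme directory before release; a guard that exists only inside a comment, or after other statements, is reported as missing.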
