pixel-d
11/29/2017 - 6:39 PM

Prevent Direct Access to Theme/Plugin Files

Mike Jolley - Keeping your shit secure: mikejolley.com/2013/08/13/keeping-your-shit-secure-whilst-developing-for-wordpress

Acunetix - Top Tips to Prevent a WordPress hack: acunetix.com/websitesecurity/preventing-wordpress-hack

# Restrict direct access to PHP files from theme or plugin directories
# Place in root .htaccess file
# Requires mod_rewrite; this line enables the rewrite engine if the file does not already do so
RewriteEngine On

# Restrict direct access to PHP files from plugin directories
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L]

# Restrict direct access to PHP files from theme directories
RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]

<?php
// Prevent Direct Access to Theme/Plugin files
// Place at the top of your theme or plugin files, right after the opening <?php tag

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Exit if accessed directly
}
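
A way to check which requests the .htaccess rules above would answer with 404 before deploying them. This is an added example, not part of the original snippet: the Python model of mod_rewrite is a simplifying assumption, and the sample paths, "example-plugin" and "example-theme" are constructed placeholders.

```python
import re

# (rule pattern, negated RewriteCond patterns), copied from the .htaccess rules above.
RULES = [
    (r"wp-content/plugins/(.*\.php)$",
     [r"^/wp-content/plugins/file/to/exclude\.php",
      r"^/wp-content/plugins/directory/to/exclude/"]),
    (r"wp-content/themes/(.*\.php)$",
     [r"^/wp-content/themes/file/to/exclude\.php",
      r"^/wp-content/themes/directory/to/exclude/"]),
]


def is_blocked(request_uri: str) -> bool:
    """Return True if the modelled rules answer request_uri with 404.

    Assumed simplification of mod_rewrite in a root .htaccess: the RewriteRule
    pattern is tested against the path without its leading slash, the conditions
    against the path with it, and the query string takes part in neither.
    """
    path = request_uri.split("?", 1)[0]
    relative = path[1:] if path.startswith("/") else path
    for pattern, exclusions in RULES:
        if re.search(pattern, relative) is None:
            continue
        # Every "!pattern" condition must hold, i.e. no exclusion may match.
        if all(re.search(ex, path) is None for ex in exclusions):
            return True
    return False


# Constructed request paths; "example-plugin" and "example-theme" are placeholders.
SAMPLES = [
    "/wp-content/plugins/example-plugin/includes/helper.php",
    "/wp-content/themes/example-theme/functions.php?ver=1",
    "/wp-content/plugins/file/to/exclude.php",
    "/wp-content/plugins/directory/to/exclude/endpoint.php",
    # The file exclusion has no trailing "$", so it exempts this path as well.
    "/wp-content/plugins/file/to/exclude.php-old/test.php",
    "/wp-content/themes/example-theme/style.css",
    "/wp-admin/admin-ajax.php",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{'404' if is_blocked(uri) else 'pass'}  {uri}")
```

Ending a file exclusion with "$" limits it to that one file instead of every path that starts with it.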