Security: blocking direct access of php files

In my opinion, the only way to do this (within the context of WordPress) is:

if ( ! defined( 'ABSPATH' ) ) // Or some other WordPress constant
     exit;

The second technique is vague and does give the same level of checking (it only checks that the filename of the main PHP file matches itself, not whether WordPress is loaded, nor if it’s another file of the same name).

And this No script kiddies please! is pointless, I wish this fad would die – just exit silently.

Related Posts:

  1. esc_attr() right way and use
  2. Enforcing password complexity
  3. Does My Child-Theme Functions.php Need if{die} Security In It? [duplicate]
  4. How Attackers write script into my php files?
  5. Renaming wp-content folder dynamically
  6. How do I create a WP user outside of WordPress and auto login?
  7. Security – Ajax and Nonce use [closed]
  8. Can I write ‘RewriteCond’ using ‘functions.php’?
  9. Is it unsafe to put php in the /wp-content/uploads directory?
  10. Sanitize get_query_var() url parameters
  11. When must I use and verify nonce?
  12. Hiding WordPress Plugin Source Code
  13. Is this code malidcous
  14. Admin username and password
  15. Evaluations of two wordpress security plans against php code injection attack
  16. WordPress custom login form using Ajax
  17. Detect session/cookie variable in wordpress to prevent access to documents
  18. Is there any risk setting WordPress file permissions and FS method to ‘direct’ on localhost?
  19. SQL Injection blocked by firewall
  20. How to prevent XSS alter custom global javascript object & methods in WordPress
  21. Generating an nonce for Content Security Policy and all scripts – How to make it match/persist for each page load?
  22. Cannot execute php files in wp-content
  23. How do I get around “Sorry, this file type is not permitted for security reasons”?
  24. Correct and safe way to include php content in my page
  25. Password minimum length in personal subscription [closed]
  26. How to add API security keys into JS of wordpress securely
  27. Is it best to avoid using $wpdb for security issues?
  28. Hardening uploads folder in IIS breaks images
  29. Troll the hackers by redirecting them
  30. Security updates to 3.3.2
  31. how to prevent wordpress admin from logging in via woocommerce my-account page
  32. malware undetectable by multiple scans
  33. Decoded malware code [closed]
  34. Updating From Mobile App – Exposing Site to Hacking
  35. security concerns if using html data-* attribute for l10n?
  36. How to correctly escape an echo
  37. Reject all malicious URL requests functions.php
  38. portfolio site – about this site section – is it safe to post some code
  39. echo cutom css code to WordPress page template file ? is this safe?
  40. How to secure my php forms
  41. $.ajax results in 403 forbidden
  42. Site infected by link
  43. Access WP files on “server 1”, from “server 2” – using wp-load on an external website
  44. Deny php execution in /wp-includes – using .htaccess in /wp-includes VS root folder
  45. Retrieve $_POST data to send to javascript without using localize script
  46. Previewing/Updating some Pages causes “The requested URL was rejected” Error
  47. What is the best practice for restricting a section to logged in users?
  48. How to quickly/easily make an analysis (reverse engineering) of WordPress?
  49. what to do after instlling cyberpanel on VPS
  50. add onchange to select in a wp form
  51. WordPress Customizer Default Image
  52. How to list commenters and days since last commented
  53. How to show/hide php table rows based on the content of custom fields
  54. How can I include shortcodes within PHP?
  55. How to execute html code inside php?
  56. PHP Warning: strip_tags() expects parameter 1 to be string?
  57. Run str_replace on title and save the output to a custom field
  58. Which function crops images in wordpress?
  59. Using a $GET parameter from a URL, to redirect to a URL (WordPress)
  60. How to determine from a different folder (outside wordpress) if a visitor is logged into WordPress
  61. WordPress function and string as variable?
  62. Delete taxonomy and delete all post related it
  63. Is a series of update_option calls safe, performance wise?
  64. plugin add action hook is not working :
  65. How to call multiple functions from multiple files into a WordPress page template [closed]
  66. Theme’s Options Page included with require_once *.php in functions.php not visible anymore
  67. wp-options keep crashing please help
  68. wp_insert_post: array only. wp_update_post: array|object (?)
  69. what do I replace get_bloginfo with and where do I find all instances of it?
  70. Remove dash from blog title wordpress
  71. Using data sent via AJAX in multiple functions on a WP plugin
  72. Querying Database with wpdb
  73. What is the difference in the WP memory limits?
  74. Limit Taxonomy Output in Conditional Statement
  75. Problem with AJAX in wordpress plugin
  76. WordPress archive page showing 404 Error [duplicate]
  77. wp_redirect only works on main site and not on other sites
  78. How to remove coupon dropdown feature
  79. Is it possible to define variables in a wordpress shortcode, and then call the shortcode using a specific variable?
  80. Is it save to use eval for a jQuery callback method coming from the database?
  81. Division by zero error in image.php
  82. linking stylesheets and scripts with functions.php
  83. Jquery window.send_to_editor function
  84. PHP include statement not working?
  85. Code Executing Too Late?
  86. Double jQuery loaded
  87. PHP: Showing currency sign if input is a number
  88. Displaying text if post was within 5 hours
  89. New walker for walker_nav_menu to change inside container data
  90. load ajax using admin-ajax.php
  91. Create a WordPress shortcode using PHP [duplicate]
  92. Trying to prepend a Hashtag symbol to the_tags links [closed]
  93. What does -> mean in WordPress?
  94. Add data-id attribute to child page links
  95. WP_OPTIONS table, active_plugins entry [closed]
  96. Parsing Menu Items and Blog Posts
  97. Store post content in a php variable and output them using for loop
  98. Pagination on Custom Post
  99. Resize image to specific dimension (X to Y ratio)
  100. Fixing Memory Leaks in WordPress (HHVM)
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)