Clarity needed on usage of multiple 403 forbidden header() functions at the beginning of the plugin files

The proper way to send a status (when WordPress is not available) is:

http_response_code( 403 );

See the PHP Manual for its definition.

But in Plugin files, this should never be the “default” code on top of a file header. See Worthwhile to restrict direct access of theme files? for a discussion.

In WordPress, use status_header( 403 ) if you need it.

A note on the code you’ve posted:

header( 'Status: 403 Forbidden' );
header( 'HTTP/1.1 403 Forbidden' );

The first line is a “special” treatment for PHP running in CGI mode, the second is using a specific HTTP protocol version without any check. If the connection is over HTTP 2 or 1.1, this makes no sense.

Both are wrong, because the correct way to send the proper status with header() is using the second and the third argument of that function.

So this would work better:

header( 'Status: 403 Forbidden', true, 403 );

The second argument tells PHP to overwrite other headers with the same name, the third is for the real status. The code that you posted is a good counter-example. 🙂

Related Posts:

  1. How can I change HTTP headers only to posts of a specific category from a plugin
  2. WordPress Plugin Development – Headers Already Sent Message
  3. Headers already sent error with CSV export plugin
  4. Get file headers in custom file
  5. Using ob_start() in plugin
  6. Adding custom code into header.php using a plugin
  7. The plugin generated 80 characters of unexpected output!
  8. Cannot modify header information – headers already sent by pluggable.php
  9. Header Button Chance Polylang Elementor
  10. Redirect user to a particular link in 10 seconds after using wp_die
  11. An echo line in a transition_post_status action leads to “cannot modify header information – headers already sent by”
  12. Proper way to pass credentials in a custom login form to avoid “headers already sent”
  13. Why does wp_remote_post returns an empty body response on certain endpoints?
  14. Serve text/html from wp-json API via WPEngine, headers not being set properly
  15. How to give a download link to a .csv file from the custom plugin?
  16. Adding custom stylesheet into header.php using a plugin
  17. Need Help Determining Where Header Error is Happening
  18. Why does website stretch and white space on load? [duplicate]
  19. Downloading File via headers doesnt work
  20. WordPress Favicon not Working For Images/Videos/PDFs
  21. Two same AJAX calls – one is working, other doesn’t
  22. Some data has already been output, can’t send PDF file – fpdf issue in WordPress
  23. Headers already sent on custom plugin (Export function)
  24. How to force download a plugin generated file?
  25. Is it safe to use PUT and DELETE requests
  26. Adding Custom Text Patterns in the WP 4.5 Visual Editor
  27. How to create an API for my plugin?
  28. Plugins in symlinked directories?
  29. How to use PanelColorSettings in custom Gutenberg block?
  30. Is there a way for a plug-in to get it’s own version number?
  31. How to add tab which is visible only in admin side of product in woocommerce? [closed]
  32. Enqueue script only when shortcode is used, with WP Plugin Boilerplate
  33. add_filter OO with parameters
  34. Preferred way to include Advanced Custom Fields in a plugin?
  35. How to link to images in my plugin regardless of the plugin folder’s name
  36. ERROR: Options page not found – saving settings page with tabs
  37. Can I leave out `if ( ! defined …)` when defining plugin constants?
  38. Using the component outside the editor. select(‘core’) is null
  39. Gutenberg is there a way to know if the current block is reusable?
  40. Any ideas how to make unit test read the theme functions.php?
  41. WordPress Ajax callback function from plugin – OOP
  42. Is there any way to have Featured Text, as opposed to Featured Image?
  43. StackExchange clone using WordPress?
  44. Custom url for a plugin page add_rewrite_rule WordPress
  45. Custom attribute type not displaying terms in edit product – WooCommerce
  46. How do I add a prefix when a user registers
  47. Verify if user is wordpress logged in from another app since wordpress 4.0
  48. how to get link of added document with a post
  49. Doubts about the use of metadata and how this can affect performance on WordPress
  50. How can I replace content in the WP Admin area before an admin page is rendered?
  51. update_post_meta not working in a loop
  52. When is the proper time to minify css and js with git workflow?
  53. Get draggable widgets on Edit Post page
  54. Plugin that saves form data
  55. how to invoke wordpress API from other existing PHP system
  56. Warning: include(): https:// wrapper is disabled in the server configuration by allow_url_include=0
  57. update your existing plugin’s WordPress compatibility
  58. How to get the post excerpt using post object?
  59. jquery & ajax sending data to php
  60. How to import the css in the plugin admin area?
  61. Can I use %category% like Templates in my Plugin?
  62. How to get the url of logo image?
  63. jquery in wordpress plugin with depdendency
  64. Replace first occurence of a word with link [closed]
  65. Converting core modification to a plugin
  66. wordpress automatic update does not run
  67. Adding filter to the title without affecting the menu title
  68. How to show multiple instances of the WP125 Widget?
  69. How can the_excerpt (or equivalent) be called on a category description?
  70. Plugin Creation: Overriding upload_max_size and post_max_size
  71. How to call a function from a shortcode function in an oop plugin
  72. How to access index file in Block Themes?
  73. Posts form with AJAX request – Plugin development
  74. Multiple TinyMCE on button click is initialized and appended but why only last one is writeable?
  75. How to create a custom post-new.php page for plugin , no wp menu
  76. How to create a custom WordPress page with my plugin?
  77. Want to know how to reveal a WordPress theme, considering the theme name is hidden?
  78. Where to add functions and code snippets in wordpress
  79. How to re-render inspector controls?
  80. Sanitize WordPress Array Input?
  81. Shortcode content is not showing. Only the [shortcode-tag] is showing
  82. How to remove the WooCommerce Product->Category thumbnail from admin [closed]
  83. Is it possible to replace MySQL with JSON files for WordPress
  84. Creating a virtual page without exit
  85. Plugin Development – Call to undefined function comment_exists()
  86. Replace “content-area” of themes 404 page with plugin?
  87. Autoloading & Namespaces in WordPress Plugins & Themes: Can it Work?
  88. WordPress doesn’t create table on plugin activation
  89. Create Customization panel for Plugins not for theme
  90. How is construct function working even when variable is assigned null value?
  91. Allow user to change homepage
  92. Custom signature appears twice on page
  93. Declaring a new woo commerce product type i get this error
  94. wp_mail links are dead
  95. List Available Templates for Current Theme in a Plugin
  96. Adding Third Post Box Column: postbox-container-3
  97. WooCommerce custom payment gateway
  98. Multi-part form and wp_redirect()
  99. Sharing changes to a post (preview changes) with another user
  100. I want to redirect user to an amazon product page from my wordpress website when they add product to there cart [closed]

Leave a Comment