Security: blocking direct access of php files

In my opinion, the only way to do this (within the context of WordPress) is:

if ( ! defined( 'ABSPATH' ) ) // Or some other WordPress constant
     exit;

The second technique is vague and does give the same level of checking (it only checks that the filename of the main PHP file matches itself, not whether WordPress is loaded, nor if it’s another file of the same name).

And this No script kiddies please! is pointless, I wish this fad would die – just exit silently.

Related Posts:

  1. esc_attr() right way and use
  2. Enforcing password complexity
  3. Does My Child-Theme Functions.php Need if{die} Security In It? [duplicate]
  4. How Attackers write script into my php files?
  5. Renaming wp-content folder dynamically
  6. How do I create a WP user outside of WordPress and auto login?
  7. Security – Ajax and Nonce use [closed]
  8. Can I write ‘RewriteCond’ using ‘functions.php’?
  9. Is it unsafe to put php in the /wp-content/uploads directory?
  10. Sanitize get_query_var() url parameters
  11. When must I use and verify nonce?
  12. Hiding WordPress Plugin Source Code
  13. Is this code malidcous
  14. Admin username and password
  15. Evaluations of two wordpress security plans against php code injection attack
  16. WordPress custom login form using Ajax
  17. Detect session/cookie variable in wordpress to prevent access to documents
  18. Is there any risk setting WordPress file permissions and FS method to ‘direct’ on localhost?
  19. SQL Injection blocked by firewall
  20. How to prevent XSS alter custom global javascript object & methods in WordPress
  21. Generating an nonce for Content Security Policy and all scripts – How to make it match/persist for each page load?
  22. Cannot execute php files in wp-content
  23. How do I get around “Sorry, this file type is not permitted for security reasons”?
  24. Correct and safe way to include php content in my page
  25. Password minimum length in personal subscription [closed]
  26. How to add API security keys into JS of wordpress securely
  27. Is it best to avoid using $wpdb for security issues?
  28. Hardening uploads folder in IIS breaks images
  29. Troll the hackers by redirecting them
  30. Security updates to 3.3.2
  31. how to prevent wordpress admin from logging in via woocommerce my-account page
  32. malware undetectable by multiple scans
  33. Decoded malware code [closed]
  34. Updating From Mobile App – Exposing Site to Hacking
  35. security concerns if using html data-* attribute for l10n?
  36. How to correctly escape an echo
  37. Reject all malicious URL requests functions.php
  38. portfolio site – about this site section – is it safe to post some code
  39. echo cutom css code to WordPress page template file ? is this safe?
  40. How to secure my php forms
  41. $.ajax results in 403 forbidden
  42. Site infected by link
  43. Access WP files on “server 1”, from “server 2” – using wp-load on an external website
  44. Deny php execution in /wp-includes – using .htaccess in /wp-includes VS root folder
  45. Retrieve $_POST data to send to javascript without using localize script
  46. Previewing/Updating some Pages causes “The requested URL was rejected” Error
  47. What is the best practice for restricting a section to logged in users?
  48. How to quickly/easily make an analysis (reverse engineering) of WordPress?
  49. what to do after instlling cyberpanel on VPS
  50. How to check if a string is a valid URL
  51. Pass media upload value to input field
  52. What does the token %1$s in WordPress represent [closed]
  53. WordPress redirect to landing page if not logged in
  54. Remove class that has been added by parent theme
  55. I want to remove the links from the term list returned by get_the_term_list
  56. How to use a frontend URL with a Plugin
  57. Get list of shortcodes from content
  58. Adding Google Analytics code to the tag of specific pages
  59. Site Health : An active PHP session was detected
  60. Put php variable in shortcode
  61. Create Logout Link WordPress Admin Menu
  62. PHP in post content [closed]
  63. Display post image with fancybox
  64. Is there a WordPress version that is incompatible with PHP 5.3?
  65. WordPress 3.2 query_posts and pagination, permalinks issue
  66. Implement One Time URL Script
  67. Call to undefined function wp() in wp-blog-header.php
  68. How to pass Select value from Javascript to PHP to generate select option on change
  69. WordPress Ajax Call inserting data but success response false
  70. Can’t print Yoast meta description into page template (syntax error, unexpected ‘.’) [closed]
  71. what do I replace get_bloginfo with and where do I find all instances of it?
  72. Using data sent via AJAX in multiple functions on a WP plugin
  73. WordPress archive page showing 404 Error [duplicate]
  74. Utilize Function in Child Theme / Template File
  75. is_page_template showing partial results
  76. Order BY Most Liked And Published Between Previous Week Monday And Next Week Monday
  77. REST API works in browser and via AJAX but fails via cURL
  78. How to display different submenus?
  79. WooCommerce: Display product categories to make IF statement
  80. Unable to access WordPress functions from functions.php
  81. AJAX function not working [closed]
  82. Free search and custom taxonomy query not providing the same result
  83. WordPress api post image raw data without being blank in media library
  84. Run do_shortcode on php template using JS function
  85. removing the standard dashboard widgets in WP so I Can replace with custom
  86. Shortcodes not processing inside post content
  87. Gravity Forms: How to add PHP function to confirmation conditional shortcode?
  88. Change header on one page in WordPress
  89. get_filtered_term_product_counts – Get product terms if any products
  90. How to Protect a private folder inside uploads folder, if User is not Logged In?
  91. Premature end of script headers: wp-mail.php?
  92. When to use wp_register_script() function?
  93. loading a php file to a specific page id
  94. Getting error in sql query
  95. How can I enqueue comment-reply script only on certain page?
  96. Count posts per post-type for last month/week
  97. Conditional in foreach loop is outputting content twice
  98. Particular meta tag – viewport – insertion when dealing with plugin
  99. Cannot install plugins or themes on new WordPress installation at Cloudways
  100. Custom WP LIST Table filter
tech