Why would someone use function_exists(‘add_action’) in a plugin?

As you understand correctly, this is a way to ensure the file is included from wordpress core and it is not accessed directly.

  1. Most wordpress installations do not prevent a direct access to any file, therefor his check is needed to prevent bad actors from exploiting know weakness in a specific file’s code.

  2. Yes we do. To be fair to core, if you follow the coding standards of “php file inclusion should either have side effects or have only declaration and implementation of functions and classes, never both” (I am probably misquoting) and you have the tools to enforce it, the amount of code that needs such a protection is much lower. Still I also consider it a weak security practice by core.

Notes:

  1. I prefer to check against the existance of ABSPATH which means that wp-config.php was included and therefor the file in question can be included early before add_action is declared, although in practice there is probably zero difference.
  2. Don’t use exit this IIRC will make the webserver return HTTP code 200 and the page might be cached by search engines which might be annoying, use die(403) instead.

Related Posts:

  1. override pluggable.php functions
  2. Plugin Development – Call to undefined function comment_exists()
  3. How can a plugin create a page/form in the front end?
  4. Looking for WordPress System Diagrams
  5. How to output message during plugin activation
  6. How to provide translations for a WordPress TinyMCE plugin?
  7. Init action hook running late after PayPal’s return url?
  8. Get specific color from admin color scheme
  9. Where do I start from
  10. How do you create a custom edit.php / edit pages page
  11. Check the Version of an Enqueue’d External Library
  12. Edit the output of wp_widget_rss_output()
  13. Change of query var in pre_get_posts not maintained
  14. Hook for post permalink update
  15. Menu Error in Admin Console with Custom Plugin: You do not have sufficient permissions to access this page
  16. How to Parse an Array of Elements in Gutenberg Block
  17. Load page template with custom content using a plugin
  18. Custom rewrite rule serves content, but returns 404 error code
  19. Will changing the ‘Plugin Name’ header in the next update of a plugin break anything?
  20. Performance of several get_option() calls
  21. Should I ask my Twitter plugin users to create their own Twitter App and API Keys to use my plugin?
  22. How to edit mySQL wp_posts table from plugin php?
  23. Creating a Wordpess Plugin that writes data to a csv file. The data doesn’t show in the csv file?
  24. WP_Query with tax_query, order by most ‘matches’
  25. Using the Settings API, how should I add multiple values to an option?
  26. WP custom menus error > menu name already exists?
  27. Problem with is_active_sidebar?
  28. Prevent Plugin from loading on ‘wp-admin / wp-login’
  29. How to sanitize user input?
  30. Remove Internal Style Sheet if no Value Provided?
  31. Widget update function not saving values
  32. Getting admin notices working for plugin errors
  33. An echo line in a transition_post_status action leads to “cannot modify header information – headers already sent by”
  34. get_the_excerpt() is not returning an empty string when the_excerpt is blank?
  35. “Plugin could not be activated because it triggered a fatal error.”
  36. Storing product price data in the database
  37. Does the order of sections in readme.txt matter?
  38. Correct check for any admin page with editor
  39. Add column in WP user but it goes wrong
  40. modify wordpress default search
  41. How to remove the current post from the query?
  42. “import declarations may only appear at top level of a module” when importing WooCommerce API node module
  43. How to perform a heavy and long process in cron jobs?
  44. Woocommerce extend tax report with custom column
  45. Is file_get_contents() the only way for plugins reading local files OR does WP_Filesystem_Direct::get_contents() even work?
  46. how to get up row in wordpress with wpdb
  47. Preview plugin store details
  48. Hook into Jetpacks Publicize without using a post type
  49. Get attachments from a post
  50. How to limit number of number of categories displayed by categories widget
  51. How to remove default style of header in wordpress metabox
  52. TEMPLATEPATH without the theme name? No THEMEPATH constant?
  53. Is it necessary to do validation again when retrieving data from database?
  54. wp_update_post deletes post meta in CPT
  55. Using WordPress PHP code, how to bulk delete only 100 subscribers at a time from thousands of users?
  56. Checking a WordPress for OWASP top 10 vulnerabilities [closed]
  57. flush rewrite rules after plugin update?
  58. term_exists() returning NULL on term that exists
  59. hook filter after the_content on a specific page
  60. The Correct Way to Use Nonce Field without Settings API
  61. Run command “composer install” when activating wordpress plugin
  62. Page is loading after submit before the file is processed
  63. Insert Into Post Not Working For Audio File Using jQuery
  64. Adding Custom CSS with PHP
  65. How to remove/replace current page template?
  66. How to receive notification of deprecated API elements and functions?
  67. Using password protection to load different page elements?
  68. It is possible to pass $args that sent by add_settings_field() inside another function?
  69. Change reminder email date to 14 days before
  70. .htaccess with WordPress – create my own pretty url with parameters (above WordPress settings)
  71. Generating a password-protected front-end page via a plugin
  72. Woocommerce get_term_by() in transition_post_status hook doesn’t works
  73. wp_remote_post not working with admin-post.php
  74. Why is that only the first row getting inserted into Mysql table when i import csv file on backend custom plugin?
  75. Adding Amchart Interface to WordPress API
  76. WordPress Own Rewrite Rules
  77. Default media uploader is not showing in wordpress website
  78. Don’t print customizer styles when no setting has been used
  79. Load custom translation in custom plugin fails
  80. Buddy Press restrict the capability to edit users
  81. Plugin with functions inside a class & how to trigger WP CRON
  82. “Headers Already Sent” Nightmare on Plugin
  83. add_settings_error on validating plugin options API
  84. Uncaught ReferenceError: kpoejy is not defined
  85. Problem to return more than single line captions
  86. Unable to show a message after plugin activation
  87. How to get an array out of a nav menu if it’s a plugin?
  88. Is there better way to do this without duplicating queries?
  89. How to create a simple plugin which show/hide an html code in wordpress?
  90. Can I access WordPress API’s from within plugin scripts?
  91. Is there a way to make is_search() always return false
  92. Translation of plugin Upload button
  93. Ajax url value to pass ‘variable’ to use in query
  94. Apply Filters Causing a 500 Internal Server Error
  95. Create wordpress dashboard metabox which spans all columns
  96. add_filter adds output in the head
  97. How can i add insertion point between inner blocks in my custom block like core blocks
  98. How to add extra EXIF data when images are uploaded?
  99. How to boost WP custom post REST API GET queries by custom taxonomies
  100. I want to redirect user to an amazon product page from my wordpress website when they add product to there cart [closed]