Deny direct access to theme PHP files? #366

jmcintyresage · 2023-01-18T15:55:09Z

jmcintyresage
Jan 18, 2023

Shortly after public launch, one of our Bootscore-based sites started getting hit with requests for the base theme's index.php and search.php files, resulting in fatal PHP errors because get_header() wasn't defined.

Would the developers consider adding code that would deny direct access to the base theme's PHP files? Something as simple as:

// Stop if this file is called directly
defined( 'ABSPATH' ) || exit;

Respectfully,
JIm

crftwrk · 2023-01-18T16:15:42Z

crftwrk
Jan 18, 2023
Maintainer

Yes, this seems to be a good idea. Created an issue from this discussion #367 to track this. Do you want to create a PR?

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bootscore

Deny direct access to theme PHP files? #366

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Bootscore

Deny direct access to theme PHP files? #366

Uh oh!

jmcintyresage Jan 18, 2023

Replies: 1 comment

Uh oh!

Uh oh!

crftwrk Jan 18, 2023 Maintainer

jmcintyresage
Jan 18, 2023

crftwrk
Jan 18, 2023
Maintainer