Prevent direct file access to functions.php

Adding this snippet to the functions.php of your wordpress theme will prevent direct file access to the functions.php file via the URL "http://wpsnipp.com/wp-content/themes/themename/functions.php" Great snippet from Pete over at swisswp.

if (!empty($_SERVER['SCRIPT_FILENAME']) && 'functions.php' == basename($_SERVER['SCRIPT_FILENAME']))
die ('No access!');

Comments  Leave a Reply

  1. it’s ok but how can we use it?

  2. Muhammad Nur'Ihsan Berahim Sam June 11, 2013 at 5:08 am

    i suggest:

    defined(‘ABSPATH’) or die(‘nothing here.’);

    you can find ABSPATH in wp-config.php

  3. Muhammad Nur'Ihsan Berahim Sam June 11, 2013 at 5:04 am

    i suggest this:

    defined( ‘ABSPATH’ ) or die(‘i love you hacker.’);

    you can find ABSPATH in wp-config.php
    if the user load the wp environment correctly, ASBPATH should be defined or we kick them.

  4. i try it for my website, but it dont work and the website are down, it work after i change this line :
    die (‘He’s dead, Jim!’);
    todie (‘Hes dead, Jim!’);
    pls correct your code

    1. Opps sorry about that I fixed the error. Cheers Enjoey the snippet.

  5. This throws an error. The  “&&” should actually be “&&” for it to work.

    1. Oops. That didn’t work. The first && should be the HTML symbol for the ampersand- & amp; (without the space).

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

WordPress Launch Checklist

The Ultimate WordPress Launch Checklist

We've compiled all the essential checklist items for your next WordPress website launch into one handy ebook.
Yes, Send Me the Free eBook!