Prevent Direct File Access to functions.php

Snippets by IsItWP

Are you looking for a way to prevent users to access the functions.php file using a link? While there’s probably a plugin for this, we have created a quick code snippet that you can use to prevent direct file access to functions.php file in WordPress.


All you have to do is add this code to your theme’s functions.php file or in a site-specific plugin:

if (!empty($_SERVER['SCRIPT_FILENAME']) && 'functions.php' == basename($_SERVER['SCRIPT_FILENAME']))
die ('No access!');

Note: If this is your first time adding code snippets in WordPress, then please refer to our guide on how to properly copy / paste code snippets in WordPress, so you don’t accidentally break your site.

If you liked this code snippet, please consider checking out our other articles on the site like: 27 best WordPress business themes for your website and 9 best WordPress help desk plugins.

Comments   Leave a Reply

  1. it’s ok but how can we use it?

  2. Muhammad Nur'Ihsan Berahim Sam June 11, 2013 at 5:08 am

    i suggest:

    defined(‘ABSPATH’) or die(‘nothing here.’);

    you can find ABSPATH in wp-config.php

  3. Muhammad Nur'Ihsan Berahim Sam June 11, 2013 at 5:04 am

    i suggest this:

    defined( ‘ABSPATH’ ) or die(‘i love you hacker.’);

    you can find ABSPATH in wp-config.php
    if the user load the wp environment correctly, ASBPATH should be defined or we kick them.

  4. i try it for my website, but it dont work and the website are down, it work after i change this line :
    die (‘He’s dead, Jim!’);
    todie (‘Hes dead, Jim!’);
    pls correct your code

    1. Opps sorry about that I fixed the error. Cheers Enjoey the snippet.

  5. This throws an error. The  “&&” should actually be “&&” for it to work.

    1. Oops. That didn’t work. The first && should be the HTML symbol for the ampersand- & amp; (without the space).

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

WordPress Launch Checklist

The Ultimate WordPress Launch Checklist

We've compiled all the essential checklist items for your next WordPress website launch into one handy ebook.
Yes, Send Me the Free eBook!