PluginCheck.CodeAnalysis.DirectFileAccess.Missing
Missing direct file access guard
A PHP file can be executed directly instead of being loaded through WordPress.
Why It Shows Up
The scan found a PHP file that does not stop execution when WordPress constants are missing.
Why It Matters
Direct execution bypasses the plugin's normal WordPress runtime assumptions and can expose warnings, output, or side effects.
How to Fix
- Place `if ( ! defined( 'ABSPATH' ) ) { exit; }` near the top of the PHP file.
- Apply the guard consistently to include files, admin files, and front-end handlers.
- For intentional endpoints, route through WordPress and validate permissions, nonces, and inputs explicitly.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| No results. | |||||||