missing_direct_file_access_protection

Missing direct file access protection

A PHP file in the plugin can be loaded directly instead of through WordPress.

medium weight

Why It Shows Up

Plugin Check found a PHP file without an early guard such as an ABSPATH check. Without that guard, a browser or script can request the file by path.

Why It Matters

Direct access can run code outside the normal WordPress bootstrap, expose output, or trigger assumptions about loaded functions, permissions, and request context.

How to Fix

  • Add a guard near the top of PHP files that are not intended to be requested directly.
  • Use `if ( ! defined( 'ABSPATH' ) ) { exit; }` before the file performs work or sends output.
  • Keep template partials and bootstrap files protected too, not only the main plugin file.

Notes

  • Files that are deliberately public endpoints should route through WordPress APIs or explicitly validate the request before doing work.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#6801Widget Post Slider99201k+Missing direct file access protection
#6802WP Remove Query Strings From Static Resources99843k+Text Domain Mismatch
#6803X Addons for Elementor9920900Missing direct file access protection
#6804Playlist Player for YouTube99312k+Missing direct file access protection
#6805ZoloBlocks – Advanced Gutenberg Blocks, Website Builder & Page Design Toolkit99321k+Missing direct file access protection
#6806Automatic Cache Flusher for W3 Total Cache100104k+Missing direct file access protection
#6807Bookmark Card10010700Missing direct file access protection
#6808Definitely allow mobile zooming100107k+Missing direct file access protection
#6809Disable Emojis (GDPR friendly)1001060k+Missing direct file access protection
#6810Disable XML-RPC10010200k+Missing direct file access protection
#6811Generate Child Theme100109k+Missing direct file access protection
#6812Hyperlink Group Block100107k+Missing direct file access protection
#6813Makeiteasy Slider100101k+Missing direct file access protection
#6814Media Trash Button10010400Missing direct file access protection
#6815Nelio Content – Editorial Calendar & Social Media Auto-Posting100104k+Missing direct file access protection
#6816Press Release Distribution10010700Missing direct file access protection
#6817Pushly10010900Missing direct file access protection
#6818Term Description: Rich Text Editor (Powered by TinyMCE) for WooCommerce10010700Missing direct file access protection
#6819Shortcode Redirect1001010k+Missing direct file access protection
#6820Splide Carousel Block100103k+Missing direct file access protection
#6821Unique Title Checker100101k+Missing direct file access protection