missing_direct_file_access_protection

Missing direct file access protection

A PHP file in the plugin can be loaded directly instead of through WordPress.

medium weight

Why It Shows Up

Plugin Check found a PHP file without an early guard such as an ABSPATH check. Without that guard, a browser or script can request the file by path.

Why It Matters

Direct access can run code outside the normal WordPress bootstrap, expose output, or trigger assumptions about loaded functions, permissions, and request context.

How to Fix

  • Add a guard near the top of PHP files that are not intended to be requested directly.
  • Use `if ( ! defined( 'ABSPATH' ) ) { exit; }` before the file performs work or sends output.
  • Keep template partials and bootstrap files protected too, not only the main plugin file.

Notes

  • Files that are deliberately public endpoints should route through WordPress APIs or explicitly validate the request before doing work.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#3451Internal Linking of Related Contents40714471k+Output is not escaped
#3452Invite Anyone40321301k+Non-prefixed hook name
#3453Quotes Addon for GetPaid4019121700Text Domain Mismatch
#3454JSM Show Order Metadata for WooCommerce HPOS401764700Nonce verification recommended
#3455JSM Show Post Metadata40156610k+Nonce verification recommended
#3456JSM Show Term Metadata401464800Nonce verification recommended
#3457JSM Show User Metadata4014643k+Nonce verification recommended
#3458La Sentinelle antispam4088463k+Output is not escaped
#3459Flag Icons40300193k+Output is not escaped
#3460Social Like Box and Page by WpDevArt4062245k+Output is not escaped
#3461Limit Login Attempts408138300k+Output is not escaped
#3462Links shortcode407313900Unsafe printing function
#3463WP All Import – Listings Import for Listify403427400Output is not escaped
#3464LJ Multi Column Archive4017251k+Output is not escaped
#3465Loan Comparison4027192400Request data is not unslashed
#3466Logbook4033591k+Nonce verification recommended
#3467WPO365 | Mail Integration for Office 365 / Outlook4059272k+Output is not escaped
#3468MailerSend – Official SMTP Integration4039252k+Unsafe printing function
#3469Manual Image Crop40178618k+Output is not escaped
#3470Mark New Posts406139500Non Singular String Literal Domain
#3471MAS Company Reviews For WP Job Manager4044711k+Output is not escaped
#3472Mass Email To Users408481800Output is not escaped
#3473MembershipWorks – Membership, Events & Directory4041292k+Output is not escaped
#3474WP Mobile Redirect404420400Text Domain Mismatch
#3475Monkeyman Rewrite Analyzer4089102k+Non Singular String Literal Domain
#3476코드엠샵 소셜톡404736400Output is not escaped
#3477Multiple Featured Images4050225k+Output is not escaped
#3478Flying Images: Optimize and Lazy Load Images for Faster Page Speed4032583k+Missing direct file access protection
#3479NextGEN Gallery Sidebar Widget405910500Output is not escaped
#3480No-Bot Registration40112422k+Unsafe printing function
#3481No CAPTCHA reCAPTCHA40112264k+Text Domain Mismatch
#3482One Click SSL401366210k+Unsafe printing function
#3483OPML Importer4035133k+Output is not escaped
#3484Owl Carousel WP4062191k+Output is not escaped
#3485Page As Subdomain Lite406125500Output is not escaped
#3486Page Comments Off Please4017291k+Nonce verification recommended
#3487Donations via PayPal401431720k+Output is not escaped
#3488PE Recent Posts40292112k+Output is not escaped
#3489Permalink Editor4050281k+Output is not escaped
#3490Permalink Manager for WooCommerce40115208k+Short PHP open tag found
#3491List Petfinder Pets4012146400Output is not escaped
#3492Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels40692283k+Missing nonce verification
#3493Popup addon for Ninja Forms40121251k+Output is not escaped
#3494Post Tiles40465400Output is not escaped
#3495Requirements Checklist4020022900Output is not escaped
#3496Private Google Calendars40227371k+Output is not escaped
#3497Privilege Widget4013952600Text Domain Mismatch
#3498Product Video Gallery for Woocommerce40613610k+Setting is missing a sanitization callback
#3499PT Theme Addon4067211k+Output is not escaped
#3500Quick Child Theme Generator402274900Request data is not unslashed