theme development - Where i should not use if (!defined('ABSPATH')) { exit; }?

I think this best way to prevent direct access..

<?php if (!defined('ABSPATH')) { exit; }?>

i have used this on all my php files..can it create problems? any files on WordPress theme i should not use it?

I think this best way to prevent direct access..

<?php if (!defined('ABSPATH')) { exit; }?>

i have used this on all my php files..can it create problems? any files on WordPress theme i should not use it?

• theme-development
• security

Share Improve this question asked Nov 16, 2018 at 11:12 user145078user145078 1

• See wordpress.stackexchange/questions/62999/… – fuxia ♦ Commented Nov 16, 2018 at 13:50

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 8

The point of that code is to prevent any PHP inside the file from being executed if the file is accessed directly outside a WordPress context. ABSPATH is defined by WordPress, so if it's missing when the file is accessed you can tell that it's not running in a WordPress context.

So the only place you wouldn't use it is in any file that you did need to access directly. There probably shouldn't be any such files in a WordPress theme or plugin. The most common example might be a file for handling AJAX requests, but in WordPress you should be using admin-ajax.php or the REST API for that sort of thing.