Title: Plugin security
Last modified: August 18, 2016

---

# Plugin security

 *  [explor1ng](https://wordpress.org/support/users/explor1ng/)
 * (@explor1ng)
 * [18 years, 9 months ago](https://wordpress.org/support/topic/plugin-security/)
 * I saw that a plugin file can be accessed directly by anyone without going to 
   admin page first, although it will be (mostly) showing error since some WP functions
   haven’t been declared, but still it makes me worried. Is there a defined constant
   which can be checked at the top of plugin code to determine if it’s being run
   in WP or not? something that we usually use in a php include file.
 *     ```
       if !defined('SOMETHING')
          die();
       ```
   

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [whooami](https://wordpress.org/support/users/whooami/)
 * (@whooami)
 * [18 years, 9 months ago](https://wordpress.org/support/topic/plugin-security/#post-614580)
 * no there isnt.
 *     ```
       <?php
       if (basename($_SERVER['PHP_SELF']) == basename ( __FILE__ ) ) {
       die();
       }
       ?>
       ```
   
 * will work though.
 *  Thread Starter [explor1ng](https://wordpress.org/support/users/explor1ng/)
 * (@explor1ng)
 * [18 years, 9 months ago](https://wordpress.org/support/topic/plugin-security/#post-614583)
 * ah okay, I’ll try it, thanks.
    You seem quite expert in WP, if it’s possible,
   could you answer my other questions, please and please? 🙂 🙂

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Plugin security’ is closed to new replies.

 * 2 replies
 * 2 participants
 * Last reply from: [explor1ng](https://wordpress.org/support/users/explor1ng/)
 * Last activity: [18 years, 9 months ago](https://wordpress.org/support/topic/plugin-security/#post-614583)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics