WP-Mix

A fresh mix of code snippets and tutorials

(More) secure PHP includes

Quick tip for securing your PHP includes: place them above your web-accessible root directory.

So for example, if you normally keep your includes in a web-accessible directory, such as:

/var/www/vhosts/example.com/httpdocs/wordpress/includes/

Instead, move the files further up the directory structure so they’re not accessible from the Web, like so:

/var/includes/

Then include them in your theme files via their full path:

<?php include_once('/var/includes/some-file.php'); ?>

Bada-bing: files included in this way can't be requested directly from the World Wide Web, because no URL maps to a path outside the web root.
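To keep that guarantee from silently breaking (say, after a server move or a changed vhost root), the include can be wrapped in a check that the directory really is outside the document root. This is an added example, not code from the original post or from WordPress; the names PRIVATE_INCLUDES, path_is_inside() and include_private() are made up for illustration, and /var/includes is the path used above.

```php
<?php
// Added example. PRIVATE_INCLUDES and both function names are hypothetical.
const PRIVATE_INCLUDES = '/var/includes';

// True when $path is $dir itself or lives somewhere beneath it.
function path_is_inside(string $path, string $dir): bool
{
    $path = rtrim($path, '/') . '/';
    $dir  = rtrim($dir, '/') . '/';
    return strncmp($path, $dir, strlen($dir)) === 0;
}

// Include $file from the private directory, refusing to run if that
// directory is web-accessible or if $file resolves outside of it.
function include_private(string $file): void
{
    // realpath() returns false if the path is missing or not traversable.
    $dir = realpath(PRIVATE_INCLUDES);
    if ($dir === false) {
        throw new RuntimeException('Includes directory missing or unreadable');
    }

    // DOCUMENT_ROOT is set by the web server and is empty under the CLI.
    // Skip realpath('') because it resolves to the current directory.
    $root    = $_SERVER['DOCUMENT_ROOT'] ?? '';
    $docroot = ($root !== '') ? realpath($root) : false;
    if ($docroot !== false && path_is_inside($dir, $docroot)) {
        throw new RuntimeException('Includes directory is inside the web root');
    }

    // Resolve symlinks and ../ segments, then confirm we are still in $dir.
    $target = realpath($dir . '/' . $file);
    if ($target === false || !path_is_inside($target, $dir)) {
        throw new RuntimeException('Include not found in private directory');
    }

    // Note: plain variables set by the included file are local to this
    // function; the functions and classes it defines are still global.
    include_once $target;
}

include_private('some-file.php');
```

If open_basedir is set in php.ini, /var/includes has to be listed there, and the directory must be readable by the user PHP runs as.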
