(More) secure PHP includes
Quick tip for securing your PHP includes: place them above your web-accessible root directory.
So for example, if you normally keep your includes in a web-accessible directory, such as:
/var/www/vhosts/example.com/httpdocs/wordpress/includes/
Instead, move the files further up the directory structure so they’re not accessible from the Web, like so:
/var/includes/
Then include them in your theme files via their full path:
<?php include_once('/var/includes/some-file.php'); ?>
Bada-bing: files included this way can't be requested directly from the World Wide Web.
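
One way to enforce the layout described above, as an added example that is not part of the original post: a guard that returns an include's path only when the include directory really sits outside the web root. The function names `path_is_inside` and `private_include_path` are hypothetical, and the web root is assumed to be available in `$_SERVER['DOCUMENT_ROOT']`.

```php
<?php
// Added example: function names are hypothetical, not from the post.

// True when $path is $dir itself or lies somewhere beneath it.
function path_is_inside(string $path, string $dir): bool
{
    $dir = rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path . DIRECTORY_SEPARATOR, $dir, strlen($dir)) === 0;
}

// Return the resolved path of $file in $includeDir, or throw if the
// directory is web-accessible or the file resolves outside it.
function private_include_path(string $file, string $includeDir, string $docRoot): string
{
    if ($docRoot === '') {
        throw new RuntimeException('Web root is not set');
    }
    // realpath() resolves symlinks and ../ so the checks see the real target.
    $realDir = realpath($includeDir);
    $realRoot = realpath($docRoot);
    if ($realDir === false || $realRoot === false) {
        throw new RuntimeException('Include directory or web root not found');
    }
    if (path_is_inside($realDir, $realRoot)) {
        throw new RuntimeException("$realDir is inside the web root $realRoot");
    }
    $target = realpath($realDir . DIRECTORY_SEPARATOR . $file);
    if ($target === false || !path_is_inside($target, $realDir)) {
        throw new RuntimeException("Refusing to include $file");
    }
    return $target;
}

// In a theme file, using the include directory from the post:
include_once private_include_path(
    'some-file.php',
    '/var/includes',
    $_SERVER['DOCUMENT_ROOT'] ?? ''
);
```

The check only compares against the document root, so a server alias or second virtual host that maps a URL onto `/var/includes/` would not be caught by it.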