WordPress Code Snippets

A fresh mix of code snippets and tutorials

(More) secure PHP includes

101

Quick tip for securing your PHP includes, place them above your web-accessible root directory.

So for example, if you normally keep your includes in a web-accessible directory, such as:

/var/www/vhosts/example.com/httpdocs/wordpress/includes/

Instead, move the files further up the directory structure so they’re not accessible from the Web, like so:

/var/includes/

Then include them in your theme files via their full path:

<?php include_once('/var/includes/some-file.php'); ?>

Bada-bing, files included in this way are inaccessible from the World Wide Web.


Show Support

Like our new Facebook Page to show support!