Opened 6 months ago
Last modified 8 weeks ago
#47154 new enhancement
Prevent "Call to undefined function: get_header()" error in theme files
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | minor | Version: | 5.1.1 |
| Component: | Bundled Theme | Keywords: | |
| Focuses: | Cc: | ||
| PR Number: |
Description (last modified by )
Referencing a ticket from 14 years ago(!) (#1530), I would like to propose that the default WordPress themes - and the theme developer guidelines - be updated to include protection from accessing theme files directly.
Accessing these files give PHP warnings, usually as follows:
Fatal error: Call to undefined function: get_header()
Whilst @markjaquith was correct in stating that theme files are not supposed to be accessed directly, bots are finding their ways into theme folders (and triggering index.php) specifically, resulting in the errors being logged.
I believe it'd be good practice to extend the recommendation from the "Writing a Plugin" documentation (https://codex.wordpress.org/Writing_a_Plugin#Plugin_Files) to the "Theme Handbook" (https://developer.wordpress.org/themes/template-files-section/page-template-files/)
Following that recommendation, updating twentynineteen et al to include this (or at least code similar in intention) as the first lines of PHP coding.
defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
Related: #47109