[wp-trac] [WordPress Trac] #47154: Prevent "Call to undefined function: get_header()" error in theme files

WordPress Trac noreply at wordpress.org
Mon May 6 16:43:44 UTC 2019


#47154: Prevent "Call to undefined function: get_header()" error in theme files
-------------------------+-----------------------------
 Reporter:  devonto      |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  General      |    Version:  5.1.1
 Severity:  minor        |   Keywords:
  Focuses:               |
-------------------------+-----------------------------
 Referencing a ticket from 14 years ago(!)
 (([https://core.trac.wordpress.org/ticket/1530])), I would like to propose
 that the default WordPress themes - and the theme developer guidelines -
 be updated to include protection from accessing theme files directly.

 Accessing these files gives PHP warnings, usually as follows:

 {{{
 Fatal error: Call to undefined function: get_header()
 }}}


 Whilst @markjaquith was correct in stating that theme files are not
 supposed to be accessed directly, bots are finding their way into theme
 folders (and triggering index.php) specifically, resulting in the errors
 being logged.

 I believe it'd be good practice to extend the recommendation from the
 "Writing a Plugin" documentation
 ([https://codex.wordpress.org/Writing_a_Plugin#Plugin_Files]) to the
 "Theme Handbook"
 ([https://developer.wordpress.org/themes/template-files-section/page-template-files/])

 Following that recommendation, updating twentynineteen et al to include
 this (or at least code similar in intention) as the first lines of PHP
 coding.

 {{{
 defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47154>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
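
An added example, not part of the ticket or of WordPress itself: a small audit script that lists the PHP files in a theme directory whose first statement is not an ABSPATH guard of the kind proposed above. The function names, the accepted guard spellings and the sample templates are assumptions made for illustration.

```python
import re
from pathlib import Path

_ABSPATH = r"""defined\s*\(\s*['"]ABSPATH['"]\s*\)"""
# Accepts `defined('ABSPATH') or die(...)` and `if ( ! defined('ABSPATH') ) { exit; }`.
GUARD = re.compile(
    rf"(?:{_ABSPATH}\s*(?:or|\|\|)\s*(?:die|exit)\b"
    rf"|if\s*\(\s*!\s*{_ABSPATH}\s*\)\s*\{{?\s*(?:die|exit)\b)",
    re.IGNORECASE,
)
# Whitespace and comments that may legitimately precede the guard.
_SKIP = re.compile(r"(?:\s|/\*.*?\*/|//[^\n]*|#[^\n]*)*", re.DOTALL)


def starts_with_guard(source: str) -> bool:
    """True if the first PHP statement in `source` is an ABSPATH guard."""
    tag = re.search(r"<\?php\b", source)
    if tag is None:
        return False
    code_start = _SKIP.match(source, tag.end()).end()
    return GUARD.match(source, code_start) is not None


def unguarded_files(theme_dir: str) -> list[str]:
    """Relative paths of PHP files under theme_dir that run code with no guard first."""
    root = Path(theme_dir)
    hits = []
    for path in sorted(root.rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        if "<?php" in text and not starts_with_guard(text):
            hits.append(path.relative_to(root).as_posix())
    return hits


# Constructed sample templates (not copied from any real theme).
SAMPLES = {
    "index.php": "<?php\n/**\n * Main template.\n */\nget_header();\n",
    "page.php": "<?php\ndefined( 'ABSPATH' ) or die( 'No script kiddies please!' );\nget_header();\n",
    "single.php": "<?php\n// Single post.\nif ( ! defined( 'ABSPATH' ) ) {\n\texit;\n}\nget_header();\n",
    "footer.php": "<?php get_footer(); defined( 'ABSPATH' ) or die();\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{name}: {'guarded' if starts_with_guard(src) else 'MISSING GUARD'}")
```

A guard that appears after another statement, as in the constructed footer.php sample, is reported as missing because code has already run by the time it is reached.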