Good afternoon, I am using WordPress for my site and have some custom php files in my child theme. These are used for processing form data, sending emails, sending SMS messages and also creating password encoded zip files. I wanted to not allow direct access to these php files, so I read including the following would stop this issue: if ( ! defined( 'ABSPATH' ) ) { exit; // Exit if accessed directly } I have checked my wp-config file to ensure ABSPATH is defined. I am assuming that because my form action path is a direct path to the php file URL i.e action="mywordpresswebsite.com/folder/myFormFile.php" that perhaps this is outside of WordPress' initialisation process and therefore ABSPATH isn't being defined? I'm not entirely sure and am also wondering about people's thoughts on if there are security issues with the way I have done this. Is there security issues if my php files' are directly accessible? Just to confirm, the actual process form script denies access to all GET requests, it's the other php files that are required that would contain the ABSPATH check. Any help is massively appreciated, and I want to ensure my site is secure to the highest degree. Kind regards