
WordPress Security for Custom PHP files

Good day, I am quite concerned about whether storing custom php files within my child theme is secure, and if they would be publicly accessible since they are within the web root. For example, if my file path was something like "https://mywebsite.com/wp-content/themes/my-child-theme/my-php-file.php" and this was called in a form as the action path, would this be able to be accessed for malicious use? This php file could be handling pulling data from a database for example, or having the path to the configuration file with API keys in it. I'm relatively inexperienced so I'm not sure if this is a dumb question or not, but I would really appreciate some guidance on WordPress security with custom php files, if I should be using nonces or hooks instead of the example action path. Best regards

WordPress leverages both .htaccess files and server file permissions to keep key php files safe from bad-actor access. You can additionally require POST requests to your file by checking for $_POST data and exiting if there isn't any. Nonces are another method you could use to ensure your calls and files are kept safe.

February 13, 2024

To restrict access to a file on Apache webservers, you can add the following code to the .htaccess file that is placed in the public_html/ directory:

    # <Files> matches the file name only, not a path, so the directory is left out
    <Files "my-php-file.php">
        Order Allow,Deny
        Deny from all
    </Files>

February 13, 2024

There are multiple concerns, let's address them separately.

1. Files you do not want to be requested at all
   Simply redirect from those with your webserver.

2. Restricting access
   For example, if you want a file to only receive POST requests and to reject GET requests, you can check for the request method and either throw an error, display a warning or silently ignore badly formed requests.

3. Top-secret data
   Such as database authentication credentials. Make sure you never ever version these values, and if you versioned these values by accident and they are available on GitHub or something of the like, then change passwords, etc.

4. File browsing
   If you want to prevent file browsing, put this line into .htaccess:

       Options -Indexes

February 13, 2024
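The POST check, nonce and hook approach raised in this thread, combined into one handler, as an added example that is not part of any post above. It assumes the code lives in the child theme's functions.php; every `mct_` name is hypothetical.

```php
<?php
// Added example for a child theme's functions.php; all "mct_" names are hypothetical.
defined( 'ABSPATH' ) || exit; // A direct request to this file stops here: WordPress is not loaded.

// Render the form. It posts to WordPress core (admin-post.php), not to a PHP file in the theme.
function mct_render_form() {
    ob_start();
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="mct_contact">
        <?php wp_nonce_field( 'mct_contact', 'mct_nonce' ); ?>
        <input type="text" name="mct_message" required>
        <button type="submit">Send</button>
    </form>
    <?php
    return ob_get_clean();
}
add_shortcode( 'mct_form', 'mct_render_form' );

// Handle the submission; WordPress calls this through the admin_post hooks below.
function mct_handle_form() {
    // admin-post.php also dispatches GET requests, so reject anything that is not a POST.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'Method not allowed', '', array( 'response' => 405 ) );
    }
    // Reject requests that do not carry the nonce issued with the form.
    $nonce = isset( $_POST['mct_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['mct_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'mct_contact' ) ) {
        wp_die( 'Invalid request', '', array( 'response' => 403 ) );
    }
    // Never use raw $_POST values: unslash and sanitize before doing anything with them.
    $message = isset( $_POST['mct_message'] ) ? sanitize_text_field( wp_unslash( $_POST['mct_message'] ) ) : '';
    if ( '' !== $message ) {
        wp_mail( get_option( 'admin_email' ), 'Form message', $message );
    }
    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : home_url( '/' ) );
    exit;
}
add_action( 'admin_post_mct_contact', 'mct_handle_form' );        // logged-in visitors
add_action( 'admin_post_nopriv_mct_contact', 'mct_handle_form' ); // logged-out visitors
```

For logged-out visitors a WordPress nonce is not tied to an individual user, so treat it as a request-origin check rather than as authentication.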
