If you develop WordPress plugins professionally or as a side hustle, it is important to recognize security issues. With WordPress powering large swaths of the internet, code security should be a vital part of your development.
In this light, I wanted to share several key areas of security that every WordPress developer should be mindful of during their development of code projects.
Don't Let Direct Access Occur
While many web hosts are built around allowing access to files that reside on the server, we shouldn't allow our plugin files to be accessed directly. We need to make sure that it's only "WordPress itself" that is accessing the plugin files.
The best way to handle this is to perform a conditional check at the top of the plugin files that makes sure the file isn't being accessed from outside WordPress.
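A minimal plugin file showing that check, as an added example rather than code from the original post. The plugin name and the `egp_` functions are hypothetical; `ABSPATH` is the constant WordPress defines during its bootstrap.

```php
<?php
/**
 * Plugin Name: Example Guarded Plugin
 * Description: Hypothetical plugin used to illustrate the direct-access check.
 */

// WordPress defines ABSPATH during its bootstrap. If the constant is missing,
// this file was requested directly by URL, so stop before any plugin code runs.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

// From here on the WordPress API is guaranteed to be loaded. Without the guard,
// a direct request would reach this call outside WordPress and die with an
// "undefined function" fatal error, which can reveal the server path when
// error display is enabled.
add_action( 'init', 'egp_register_shortcode' );

// Hypothetical callback: registers the [egp_greeting] shortcode.
function egp_register_shortcode() {
	add_shortcode( 'egp_greeting', 'egp_render_greeting' );
}

// Hypothetical renderer: escapes the attribute before it reaches the page.
function egp_render_greeting( $atts ) {
	$atts = shortcode_atts( array( 'name' => 'visitor' ), $atts, 'egp_greeting' );
	return '<p>Hello, ' . esc_html( $atts['name'] ) . '</p>';
}
```

The same guard goes at the top of every PHP file the plugin ships, including files that are only ever loaded through `require` from the main file.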