Category Archives: Plugins

05) Security

For security, consider blocking direct access to your files by adding the following line of code at the top of each file:

defined('ABSPATH') or die("permission denied!");


if (!defined('ABSPATH')) exit;

Direct access to your files could cause PHP errors which would disclose your WordPress install path.

The ABSPATH constant is set in the bootstrap file wp-load.php. It will define ABSPATH as wp-load.php’s directory:

define( 'ABSPATH', dirname(__FILE__) . '/' );

Here are the first two files executed when your WordPress site is accessed:


And at the top of wordpress/wp-load.php you will find this:


index.php > wp-blog-header.php > wp-load.php > wp-config.php > wp-settings.php > functions.php

06) File Header Format



The WordPress plugin repository takes the “Requires” and “Tested up to” versions from the wordpress/wp-content/plugins/akismet/readme.txt file.

=== Akismet ===
Contributors: matt, ryan, andy, mdawaffe, tellyworth, josephscott, lessbloat, eoigal, cfinke, automattic, jgs
Tags: akismet, comments, spam
Requires at least: 3.2
Tested up to: 4.1.1
Stable tag: 3.1.1
License: GPLv2 or later

Akismet checks your comments against the Akismet Web service to see if they look like spam or not.

== Description ==

Akismet checks your comments against the Akismet Web service to see if they look like spam or not and lets you review the spam it catches under your blog's "Comments" admin screen.

Stable tag should indicate the Subversion “tag” of the latest stable version, or “trunk,” if you use `/trunk/` for stable.


Top of the Akismet plugin PHP file:

 * @package Akismet
Plugin Name: Akismet
Plugin URI:
Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from comment and trackback spam</strong>. It keeps your site protected from spam even while you sleep. To get started: 1) Click the "Activate" link to the left of this description, 2) <a href="">Sign up for an Akismet API key</a>, and 3) Go to your Akismet configuration page, and save your API key.
Version: 3.1.1
Author: Automattic
Author URI:
License: GPLv2 or later
Text Domain: akismet

* General Public License, version 2

07) Hooks

At various times while running, WordPress checks to see if any Plugins have registered functions to run at that time.

If so, the functions are run.

Plugins register their functions to execute at various times using “filter” and “action” hooks. Filters expect you to return something and actions do not.

Use these commands in your plugin:

 add_action( $hook, $myFunction );
 add_filter( $hook, $myFunction );

Look for these commands in the PHP source code to see where hooks are executed:

 do_action( "$hook" )
 apply_filters( "$hook", "what_to_filter" )

For instance, look into the wordpress/wp-admin/admin-footer.php template to find the admin_footer_text filter hook. It looks like this:

echo apply_filters( 'admin_footer_text', '<span id="footer-thankyou">' . $text . '</span>' );

Look into the wordpress/wp-admin/admin-header.php template to find the admin_notices action hook.