Consider adding to all theme php files: if (!defined('ABSPATH')) { exit; }

I'm seeing a lot of PHP error logs triggered by bots who are directly accessing theme folders or files (such as /wp-content/themes/betheme/index.php).

When accessed, the pages fail to load and produce an error such as:

PHP Fatal error: 
Uncaught Error: Call to undefined function get_header() in
/home/vhosts/domain.com/httpdocs/wp-content/themes/betheme/index.php:10

Might I suggest that you add a line of code to all PHP files to prevent access outwith WordPress?
It's just good security practice.

if (!defined('ABSPATH')) { exit; }

Comments

  • Hello,
    sorry but this is not a theme issue. Those errors are directly from Wordpress. We have seen this issue before with somebody elses Wordpress. We fixed it by re-installing Wordpress completly.
    thanks
  • This is a theme issue.

    And it is good practice to make theme files inaccessible from outwith WordPress.

    It has no bearing on the WordPress version and reinstalling will not fix it.

    If you look at the PHP warning, it is logging an error as get_header() is not defined.
    It is not defined since a bot is accessing it directly.

    Checking if ABSPATH is defined ensures the theme files are being loaded by WordPress and not accessed directly.


    Please reconsider and add this single line to the php files in the theme... index.php at the very least.
  • The get_header() function is coming straight from the wordpress.
    As you can see the problem is related with that function, so it means, that the problem is related to the wordpress files.

    Please reinstall your wordpress from a scratch.
    See how to do it here in the most simplest way:

    Also, thanks you for your input, we'll take this "ABSPATH" suggestion in the consideration.
    For now, if you would like to have this "abspath" as soon as possible, then you should add it by yourself in the theme files - of course, do not forget about installing the Child Theme, to prevent removing your customizations while updating the theme.
    Thanks
  • I am aware that get_header() is part of WordPress.

    The error has nothing to do with WordPress itself, it is being triggered by direct access to the theme index.php file.

    Reinstalling WordPress will not solve the issue. Only checking if WordPress is loaded in index.php will solve it.
  • Please send us WordPress dashboard access privately thru the contact form which is on the right side at http://themeforest.net/user/muffingroup#contact and we will check what might be the reason.

    Notice!
    Please attach a link to this forum discussion.


    Thanks
  • I have explained the reason.

    A bot is directly accessing the theme index.php file outside of WordPress.

    You can replicate it yourself with php warnings on and access /wp-content/themes/betheme/index.php in the browser.
  • edited May 2019
    Please check themes like "twentysixteen" or "twentynineteen", there is no abspath there. You will not find those kinds of methods in wordpress themes.

    Another thing is that we cannot access our index.php file from a direct path in our hosting. If your hosting lets you do that then it is not configured properly and you should contact your hosting provider.

    We get this while accesing the index.php file, using the method you mentioned: http://prntscr.com/nl3f5i

    thanks
  • The 500 error is not a hosting feature, it is an error.

    Check your logs to see why, it will more than likely be the "get_header() is not defined"
  • No, it is just that the hosting is blocking the incoming connection to this file.
    We want to help you, but we will not change our core files just for this. Nobody ever had this problem in the past, so we suggest you take a look at your hosting environment. The 500 error pops up when there are security or permission problems. Thus the index.php will not get opened.

    Furthermore, we are not willing to change anything in the theme files currently so you would have to change it for your installation if you have problems with it.
  • Also, bare in mind that other themes, especially basic themes provided by Wordpress do not have any abspath function called in the php files. If this is something you want, you would have to change it manually by yourself.

  • edited May 2019
    Must I also remind you that:
    What you ask for, requires files customization what in reference to Item Support Policy is not allowed. So if you want to modify files and don't know how, you should contact your web developer. Item Policy says: Item support does not include services to modify or extend the item beyond the original features, style, and functionality described on the item page. For customization services that will help you tailor the item to your specific requirements, we recommend contacting the author to see if they privately offer paid customisation services or checking out the great service providers on Envato Studio thanks
Sign In or Register to comment.