# Restrict direct access to PHP files from theme or plugin directories
# Place in root .htaccess file
# Restrict direct access to PHP files from plugin directories
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L]
# Restrict direct access to PHP files from theme directories
RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]
// Prevent Direct Access to Theme/Plugin files
// Place at the top of your theme or plugin files
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly