[wp-trac] [WordPress Trac] #63303: Direct access to wp-settings.php results in a fatal error due to undefined ABSPATH constant.
WordPress Trac
noreply at wordpress.org
Fri Apr 18 05:54:21 UTC 2025
#63303: Direct access to wp-settings.php results in a fatal error due to undefined
ABSPATH constant.
----------------------------+-----------------------------
Reporter: matinlk | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Bootstrap/Load | Version: 6.8
Severity: critical | Keywords:
Focuses: |
----------------------------+-----------------------------
When attempting to directly access `wp-settings.php` via a browser (e.g.,
navigating to `https://example.com/wp-settings.php`), a fatal error is
triggered:
[16-Apr-2025 19:58:43 UTC] PHP Fatal error: Uncaught Error: Undefined
constant "ABSPATH" in /home/example/public_html/wp-settings.php:34
Stack trace:
#0 {main}
thrown in /home/example/public_html/wp-settings.php on line 34
This occurs because `ABSPATH` is not defined unless `wp-settings.php` is
loaded through `wp-config.php`.
### Suggested Solution:
To avoid direct access and prevent such fatal errors, I recommend adding a
conditional check at the top of the `wp-settings.php` file like this:
```php
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63303>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list