[wp-trac] [WordPress Trac] #63303: Direct access to wp-settings.php results in a fatal error due to undefined ABSPATH constant.

WordPress Trac noreply at wordpress.org
Fri Apr 18 15:32:22 UTC 2025 

#63303: Direct access to wp-settings.php results in a fatal error due to undefined
ABSPATH constant.
-------------------------------------------------+-------------------------
 Reporter:  matinlk                              |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting
                                                 |  Review
Component:  Bootstrap/Load                       |     Version:
 Severity:  critical                             |  Resolution:
 Keywords:  has-patch dev-feedback has-testing-  |     Focuses:
  info                                           |
-------------------------------------------------+-------------------------
Changes (by sabernhardt):

 * version:  6.8 =>


Old description:

> When attempting to directly access `wp-settings.php` via a browser (e.g.,
> navigating to `https://example.com/wp-settings.php`), a fatal error is
> triggered:
>
> [16-Apr-2025 19:58:43 UTC] PHP Fatal error:  Uncaught Error: Undefined
> constant "ABSPATH" in /home/example/public_html/wp-settings.php:34
>
> Stack trace:
> #0 {main}
>   thrown in /home/example/public_html/wp-settings.php on line 34
>
> This occurs because `ABSPATH` is not defined unless `wp-settings.php` is
> loaded through `wp-config.php`.
>
> ### Suggested Solution:
>
> To avoid direct access and prevent such fatal errors, I recommend adding
> a conditional check at the top of the `wp-settings.php` file like this:
>
> ```php
> if ( ! defined( 'ABSPATH' ) ) {
>     exit;
> }

New description:

 When attempting to directly access `wp-settings.php` via a browser (e.g.,
 navigating to `https://example.com/wp-settings.php`), a fatal error is
 triggered:

 {{{
 [16-Apr-2025 19:58:43 UTC] PHP Fatal error:  Uncaught Error: Undefined
 constant "ABSPATH" in /.../wp-settings.php:34

 Stack trace:
 #0 {main}
   thrown in /.../wp-settings.php on line 34
 }}}

 This occurs because `ABSPATH` is not defined unless `wp-settings.php` is
 loaded through `wp-config.php`.

 === Suggested Solution:

 To avoid direct access and prevent such fatal errors, I recommend adding a
 conditional check at the top of the `wp-settings.php` file like this:

 {{{#!php
 if ( ! defined( 'ABSPATH' ) ) {
     exit;
 }
 }}}

--

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/63303#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list