[wp-trac] [WordPress Trac] #53271: How to stop direct access wp-includes files
WordPress Trac
noreply at wordpress.org
Wed Sep 17 20:11:17 UTC 2025
#53271: How to stop direct access wp-includes files
----------------------------+------------------------
Reporter: classicalrehan | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version: 5.7.1
Severity: normal | Resolution: duplicate
Keywords: | Focuses:
----------------------------+------------------------
Changes (by jjefferyknighttery):
* severity: critical => normal
Comment:
Hi Team,
I am getting 500 error due to WordPress loopholes,
if someone trying to access directly this file then it's generating 500
error because in these below file wp extend another class "Walker" without
checking ABSPATH
if ( ! defined( 'ABSPATH' ) ) {
exit; // Exit if accessed directly
}
File: wp-includes/class-walker-nav-menu.php
File: wp-includes/class-walker-comment.php
File: wp-includes/class-walker-category-dropdown.php
The walker class include in wp via wp-settings.php but in my case user are
directly access file
still ?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53271#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list