I am building a Wordpress plugin that should be used on my site only. I have placed it at the regular place under wp-content/plugins/myPlugin. In that directory I have placed an index.php to prevent directory listing and also hide the fact that there is a directory with the name myPlugin by sending the request to 404-page of wordpress. The code:
include ('../../../wp-load.php');
header("HTTP/1.0 404 Not Found - Archive Empty");
$wp_query->set_404();
require TEMPLATEPATH . '/404.php';
exit;
This though do not hinder anyone from accessing my php file on myurl.com/wp-content/plugins/myPlugin/myPlugin.php. How can I achieve the same 404 for this and other php files in my plugin? It is important to note that these files should be accessible via Wordpress admin though. Maybe wordpress admin sets some global variable when I am accessing a php file via myurl.com/wp-admin/admin.php?page=myPlugin/myPlugin.php ?